Title: (Beginner) Threat Hunting with the Elastic Stack
Description:
This hands-on workshop will walk you through leveraging the open source Elastic (ELK) stack to proactively identify attacker activity hiding within diverse data sets. The basic tools and techniques taught during this workshop can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and threat hunting. You will be provided with access to a preconfigured Elastic cluster and extensive sample logs containing malicious endpoint and network events waiting to be discovered on a simulated enterprise network. Emphasis will be placed on live demos and practical training exercises throughout.
With all new logs and revamped material from our past versions of this workshop, this year's hands-on workshop will walk attendees through leveraging the open source Elastic (ELK) stack to proactively identify malicious activity hiding within diverse data sets. The basic tools and techniques taught during this class can be used to investigate isolated security incidents or implemented at scale for continuous monitoring and threat hunting. Attendees will be provided with access to a preconfigured Elastic cluster and extensive sample logs containing malicious endpoint and network events waiting to be discovered on a simulated enterprise network. New for this year, attacker artifacts will be more closely mapped to the MITRE ATT&CK Framework and tagged accordingly in the provided logs to help demonstrate the value of log enrichment, showcase both common and novel real-world attacker TTPs, and leverage a methodological approach to adversary and anomaly detection. Emphasis will be placed on live demos and practical training exercises throughout.
Speaker(s): Ben Hughes
Location: Blue Team Vlg / Blue Team Vlg - Workshop Track 2
Discord: https://discord.com/channels/7082082...54317658734613
Event starts: 2020-08-07 15:00 (03:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-07 16:30 (04:30 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-02T22:58 (UTC).
