DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

PatrOwl - Red flavour of SOC automation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • PatrOwl - Red flavour of SOC automation

    A company, regardless of its size and market power, may go out of business or lose a lot of value because of a security incident on its information system. The number of vulnerabilities and the interest of cyber-attackers is only increasing. With the advent of the monetization of botnet cyber attacks or the installation of crypto-miners for example, the threats are going more varied and intensified, but less targeted. The vast majority of companies are digital and increasingly exposed on the Internet. The level of cyber exposure is also higher. The "Cyber" risk has become vital. Today, everything has changed and tomorrow everything will change even faster. Where manual analysis was sufficient, paradigms of risk assessment are moving towards more automation. But **we need intelligent automation**.

    This automation strategy also tends to address the drastic lack of competent cyber security resources and retention of talents. The automation of recurrent, time-consuming and low-value-added tasks will allow teams to focus on more complex and therefore more motivating topics. To efficiently support this strategy, we developed PatrOwl, an Open Source, Free and Scalable Security Operations Orchestration Platform. Technically, PatrOwl is a solution for automating calls to commercial or open source tools that perform checks. To date, more than 140 tools or online services are supported. Beyond centralizing the results (vulnerabilities, meta-data, asset metadata) obtained, the PatrOwl analysis engine compares these results with its knowledge base and other third-party services to determine scenarios of attacks (predictive analysis) or to trigger actions (alerting, program calls, ...). Largely customizable, PatrOwl is suitable for supporting penetration testing, vulnerability audit and compliance, static source audit, threat research (CTI) and security incident response activities (SOC / DFIR).

    Speaker(s): Nicolas MATTIOCCO

    Location: Red Team Vlg

    Discord: https://discord.com/channels/7082082...77357820411944

    Event starts: 2020-08-09 01:00 (01:00 AM) PDT (UTC -07:00)

    Event ends: 2020-08-09 02:00 (02:00 AM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-02T05:07 (UTC).
    Starts
    August 9, 2020 01:00
    Ends
    August 9, 2020 02:00
    Location
    Red Team Vlg
Working...
X