SOC Automation - Enterprise Blueprinting and Hunting Using Open-Source Tools

SOC Automation - Enterprise Blueprinting and Hunting Using Open-Source Tools

RSA Conference via YouTube Direct link

Leveraging OsQuery

8 of 25

8 of 25

Leveraging OsQuery

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

SOC Automation - Enterprise Blueprinting and Hunting Using Open-Source Tools

Automatically move to the next video in the Classroom when playback concludes

  1. 1 RSAConference 2019 San Francisco March 4-8 Moscone Center
  2. 2 Know Your Environment
  3. 3 "Blueprinting" Methods Reactive • Firehose
  4. 4 Tools and Procedures
  5. 5 Intro to OsQuery
  6. 6 Pros/Cons
  7. 7 Low Prevalence Executables
  8. 8 Leveraging OsQuery
  9. 9 Getting ARP data from OsQuery
  10. 10 Automation Overview
  11. 11 Where do you put your data?
  12. 12 Data Collection
  13. 13 Data Storage
  14. 14 Querying Data
  15. 15 Docker
  16. 16 Filebeat
  17. 17 Next Steps
  18. 18 Using Statistical Analysis for Threat Hunting
  19. 19 Analyzing Data
  20. 20 Hunting Methodologies
  21. 21 Mac Addresses - Uncommon Environmental OUIS
  22. 22 Prevalence of Executables
  23. 23 Filtering Data
  24. 24 Mass Searching
  25. 25 A Story of Two Executables (PLink)

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.