

Graph Based Detection and Response with Grapl

Security BSides San Francisco via YouTube

Overview

Explore graph-based detection and response techniques using Grapl in this 46-minute conference talk from BSidesSF 2020. Learn how to use graphs and Python to build behavior-oriented attack signatures and to investigate suspicious activity in your environment. Cover the fundamentals of graph analytics, with examples from financial security and from tools such as Bloodhound and CloudMapper. Dive into log-based detection, identity management, and Python analyzers. Gain insight into conducting log-based investigations, finding parent processes, and working in Jupyter notebooks. Explore further topics such as lenses, graph engagements, pivoting on behaviors, and visualization techniques. Understand process tree analysis and recursive queries, and learn how to set up Grapl for detection and response.

Syllabus

Introduction
What is a graph
Examples of graphs
Financial security
Graphs
Bloodhound
CloudMapper
Logs
Nodes
Identity
Log-based Detection
Word and PowerShell
Fundamentals
Python
Python Analyzer
Log-based investigations
Finding the parent process
Jupyter notebooks
Lenses
Graph
Engagements
Pivoting
Pivoting behavior
Visualization and investigation
Grapl plugin
Process tree analysis
Recursive queries
Setting up Grapl

Taught by

Security BSides San Francisco

