Explore a comprehensive conference talk on Grapl, a graph platform designed for detection and response in cybersecurity. Delve into the power of graph-based approaches, understanding nodes, edges, and their applications in security contexts. Learn about Grapl's functionalities, including master graph creation, identification techniques, and various detection methods. Discover how to leverage asset lenses, best practices, and investigation tools like Jupiter notebooks. Gain insights into engagement and process graphs, platform setup, and participate in a Q&A session to deepen your understanding of this innovative security solution.
Grapl - A Graph Platform for Detection and Response
Overview
Syllabus
Introduction
Nodes and edges
Graphs are powerful
Graphs and security
Bloodhound
Logs
What Grapl does
Master Graph
Identification
Session Based Identification
Log Based Detection
Relationship Based Detection
Asset Lens
parentchild counter
binary signature
best practices
investigations
parentpit
switch tabs
Jupiter notebook
Engagement graph
Process graph
Platform
Setup
Questions
Taught by
BSidesLV
Related Courses
-
Graph Based Detection and Response with Grapl
-
Incident Detection and Response
-
Breaking the Attack Graph - How to Leverage Graphs to Strengthen Security in a Domain Environment
-
Dragos ICS Threat Detection and Response Platform Demo
-
Graph-Charged Cybersecurity Intelligence
-
The Response Ready Infrastructure
