Overview
Explore a comprehensive conference talk on Grapl, a graph platform designed for detection and response in cybersecurity. Delve into the power of graph-based approaches, understanding nodes, edges, and their applications in security contexts. Learn about Grapl's functionalities, including master graph creation, identification techniques, and various detection methods. Discover how to leverage asset lenses, best practices, and investigation tools like Jupiter notebooks. Gain insights into engagement and process graphs, platform setup, and participate in a Q&A session to deepen your understanding of this innovative security solution.
Syllabus
Introduction
Nodes and edges
Graphs are powerful
Graphs and security
Bloodhound
Logs
What Grapl does
Master Graph
Identification
Session Based Identification
Log Based Detection
Relationship Based Detection
Asset Lens
parentchild counter
binary signature
best practices
investigations
parentpit
switch tabs
Jupiter notebook
Engagement graph
Process graph
Platform
Setup
Questions
Taught by
BSidesLV