Explore network baseline techniques for enhancing small security programs in this NolaCon 2017 conference talk. Delve into malware detection, heuristic detection, application whitelisting, and logging strategies. Learn to leverage Bro logs, implement Elasticsearch, and create baseline reports. Discover how to collect traffic, set up alerts, and automate baseline processes. Gain insights into Security Onion's GUI and practical use cases. Access valuable resources on GitHub to strengthen your organization's network security posture.
Overview
Syllabus
Intro
Stolen Slideshow Template
Why am I here
Goal
Malware Detection
Heuristic Detection
Application Whitelisting
Logging
Network Activity
Bro Logs
Bro Log Formatting
Cheat Sheet
Elastics
MyPorts
Events
Print
New Connection
Baseline Report
Manual Baseline
Parse Log
Network Overview
Subnet Mask
Modify Baseline Report
Collect Traffic
Alerts
Logs
Custom Date
Create Separate Files
parse logs
auto baseline
run forward script
restart
Security Onion
Use Cases
GUI
Github
