Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

SOC Automation - Enterprise Blueprinting and Hunting Using Open-Source Tools

RSA Conference via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced SOC techniques in this conference talk focusing on enterprise blueprinting, automation, and threat hunting using open-source tools. Gain insights into building comprehensive network visibility, reducing SOC fatigue through task automation, and conducting effective hunts for unknown threats. Learn to leverage native operating system tools and osquery for network blueprinting, implement automation strategies for critical tasks, and utilize properly collected and organized data for advanced threat detection. Discover methods for analyzing low prevalence executables, leveraging OsQuery for ARP data collection, and implementing Docker and Filebeat for efficient data management. Delve into statistical analysis techniques for threat hunting, including methodologies for identifying uncommon environmental OUIs and executable prevalence. Master the art of filtering data, conducting mass searches, and uncover real-world examples of threat detection through the examination of specific executables like PLink.

Syllabus

RSAConference 2019 San Francisco March 4-8 Moscone Center
Know Your Environment
"Blueprinting" Methods Reactive • Firehose
Tools and Procedures
Intro to OsQuery
Pros/Cons
Low Prevalence Executables
Leveraging OsQuery
Getting ARP data from OsQuery
Automation Overview
Where do you put your data?
Data Collection
Data Storage
Querying Data
Docker
Filebeat
Next Steps
Using Statistical Analysis for Threat Hunting
Analyzing Data
Hunting Methodologies
Mac Addresses - Uncommon Environmental OUIS
Prevalence of Executables
Filtering Data
Mass Searching
A Story of Two Executables (PLink)

Taught by

RSA Conference

Reviews

Start your review of SOC Automation - Enterprise Blueprinting and Hunting Using Open-Source Tools

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.