Explore a comprehensive conference talk on leveraging SIEM (Security Information and Event Management) systems to detect and prevent penetration testing activities. Learn about the top 10 use cases for SIEM, including user password spraying, antivirus detection, Windows workstation communication, and domain administrator group changes. Discover methodologies for implementing effective use cases, criteria for selection, and honorable mentions. Gain insights into collecting workstation logs, baselining server traffic, and utilizing threat intelligence lists. Understand how to optimize your MSSP (Managed Security Service Provider) relationship and continuously improve your security posture. Delve into vendor-specific considerations and encrypted update uploads to enhance your organization's cybersecurity defenses.
Overview
Syllabus
Intro
Overview
Introducing Peter
Why we are here
Who has a SIEM
Assumptions
Methodology
Use Case Criteria
Top 10 Use Case 1
Top 10 Use Case 2
User Password Spraying
Antivirus Virus Detected
Windows Workstation Communication
User Added to Domain Administrator Group
New Service Account Creation Registration
Service Account Performing NonService Account Actions
NetFlow
Honorable Mentions
Recommendations
Download Presentation
Contact Information
How does an organization collect work station logs
Identify which websites should users in general
Baseline server traffic
Threat intelligence lists
How to get your MSSP to do these things
Get better and better at it
They dont know your environment
Vendor specifics
Encrypted update uploads
