Overview
Syllabus
Intro
Overview
Introducing Peter
Why we are here
Who has a SIEM
Assumptions
Methodology
Use Case Criteria
Top 10 Use Case 1
Top 10 Use Case 2
User Password Spraying
Antivirus Virus Detected
Windows Workstation Communication
User Added to Domain Administrator Group
New Service Account Creation Registration
Service Account Performing Non-Service Account Actions
NetFlow
Honorable Mentions
Recommendations
Download Presentation
Contact Information
How does an organization collect workstation logs
Identify which websites should users in general
Baseline server traffic
Threat intelligence lists
How to get your MSSP to do these things
Get better and better at it
They don't know your environment
Vendor specifics
Encrypted update uploads