Webinar • Cybersecurity: LogRhythm Europe

Dabble or deep dive: Threat hunting you can do with available resources

Add it to your usual calendar, at your local time!

Monday, 25 February 2019, 05:00 to 06:00, Virginia (US) time
Webinar in English

In this real training for free session, we will discuss the minimum toolset and data requirements (and not necessarily data volume) you need for successful threat hunting. We will take into account that while some of you can devote most of your time to threat hunting, most of us have limited time and resources for this activity. The good news is that threat hunting is flexible and anyone can do it, ranging from a few hours a week to full-time. As an example, a great type of threat hunting is to look for unrecognised or suspicious executables running on your network. You can dip your toe in the water with this type of hunt with a small commitment of time and resources, or you can dive in deep with a major data collection and analysis effort. Starting out simple means you focus only on EXE names: baseline the EXE names being executed on your network, then perform a daily review of new EXE names showing up for the first time. You can get this information from event ID 4688 (process creation), and the query capabilities required are very light. But I think you’ll be surprised what you are able to learn and catch. We will take the same approach with a total of 7 types of threat hunting: recognising suspicious software, scripting abuse, AV follow-up, lateral movement, persistence, DNS abuse, and bait-the-bad-guy.
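The "start simple" hunt described above (baseline EXE names from event ID 4688, then review what appears for the first time each day) as an added example, not code from the webinar or from LogRhythm. It assumes the 4688 events have already been exported to dicts keyed by the event's own field names (NewProcessName, ParentProcessName, SubjectUserName, Computer); every record below is constructed sample data, not real telemetry. Names are compared case-insensitively and without their path, which is exactly the deliberate simplification the session describes: it keeps the query light, at the cost of not noticing a known name running from an unusual directory, so the full path is carried along in the review context.

```python
# Added example (not from the webinar): first-seen EXE hunting over Windows
# Security event ID 4688 ("A new process has been created").
# Assumes events were exported to dicts using 4688's own field names;
# all records here are constructed sample data, not real telemetry.
import ntpath
from collections import defaultdict

# Constructed baseline period: process starts already known on the network.
BASELINE_EVENTS = [
    {"Computer": "WS01", "NewProcessName": r"C:\Windows\explorer.exe"},
    {"Computer": "WS01", "NewProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"Computer": "WS02", "NewProcessName": r"C:\Windows\System32\svchost.exe"},
    {"Computer": "WS02", "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

# Constructed "today" batch to review against that baseline.
TODAY_EVENTS = [
    {"Computer": "WS01", "NewProcessName": r"C:\Windows\System32\Svchost.EXE",
     "ParentProcessName": r"C:\Windows\System32\services.exe", "SubjectUserName": "SYSTEM"},
    {"Computer": "WS01", "NewProcessName": r"C:\Users\alice\AppData\Local\Temp\helper.exe",
     "ParentProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "SubjectUserName": "alice"},
    {"Computer": "WS03", "NewProcessName": r"C:\Users\bob\Downloads\helper.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe", "SubjectUserName": "bob"},
    {"Computer": "WS02", "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe", "SubjectUserName": "carol"},
]


def exe_name(new_process_name):
    """Reduce NewProcessName to a lower-cased file name: the simple hunt keys
    only on EXE names, so path and case differences are ignored on purpose."""
    return ntpath.basename(new_process_name).lower()


def build_baseline(events):
    """Set of EXE names observed during the baseline period."""
    return {exe_name(e["NewProcessName"]) for e in events}


def first_seen(events, baseline):
    """Map each EXE name absent from the baseline to the 4688 context an
    analyst wants at review time: host, user, parent process and full path."""
    hits = defaultdict(list)
    for e in events:
        name = exe_name(e["NewProcessName"])
        if name in baseline:
            continue
        hits[name].append({
            "host": e.get("Computer"),
            "user": e.get("SubjectUserName"),
            "parent": exe_name(e.get("ParentProcessName", "")),
            "path": e["NewProcessName"],
        })
    return dict(hits)


def daily_review(today, baseline):
    """One review cycle: summarise new names (name, start count, hosts) and
    fold them into the baseline so the next run reports only what is new again.
    Returns (report, updated_baseline)."""
    hits = first_seen(today, baseline)
    report = [(name, len(ctx), sorted({c["host"] for c in ctx}))
              for name, ctx in sorted(hits.items())]
    return report, baseline | set(hits)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    report, baseline = daily_review(TODAY_EVENTS, baseline)
    for name, count, hosts in report:
        print(f"new EXE {name}: {count} start(s) on {', '.join(hosts)}")
```

On the constructed data the run flags only helper.exe (two starts on two hosts, one of them spawned by WINWORD.EXE), while the re-cased Svchost.EXE and PowerShell.exe are correctly treated as already known. Feeding the reviewed names back into the baseline is what keeps the daily review short, which is the whole point of the low-resource variant of this hunt.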

Would you like to run webinars or online events with us?
Sponsors
There are no sponsors for this webinar.
