Загрузка страницы
Все видеоНовые видеоПопулярные видеоКатегории видео

Windows Ransomware Detection with Splunk (2 of 6) – Unusual Traffic – Tor, SMB, DNS, HTTP

In this 6-part series, Splunk’s James Brodsky walks through real-world examples of Windows ransomware detection techniques, using data from Vulnerability and Patch Management, Network Traffic, Windows Registry, Windows Events, and Windows Sysmon. This video covers how to network traffic logs to implement ransomware detection techniques such as communications from unusual processes, unwanted SMB communications from endpoints, network connections to TCP 445 or 139, domain PTR queries not in the Alexa 1M, and even detection before encryption (e.g. process running in user space to initiate download of encryptor code).

For more information:

Splunk Security Essentials for Ransomware: https://splunkbase.splunk.com/app/3593/

Splunk Security Essentials: https://splunkbase.splunk.com/app/3435/

Splunk Online Demo Experience (Try Ransomware techniques in a “safe”, guided sandbox with real “threats”): https://www.splunk.com/en_us/form/security-investigation-online-experience-endpoint.html

Видео Windows Ransomware Detection with Splunk (2 of 6) – Unusual Traffic – Tor, SMB, DNS, HTTP канала Splunk
Показать
Комментарии отсутствуют
Введите заголовок:

Введите адрес ссылки:

Введите адрес видео с YouTube:

Зарегистрируйтесь или войдите с
Информация о видео
14 сентября 2017 г. 3:33:36
00:17:36
Splunk
Теги
Правообладателям
Жалоба
Комментарии
Другие видео канала
Windows Ransomware Detection with Splunk (1 of 6) – Vulnerability Detection and Windows Patch StatusWindows Ransomware Detection with Splunk (1 of 6) – Vulnerability Detection and Windows Patch StatusUncovering and Visualizing Malicious Infrastructure - SANS Threat Hunting Summit 2018Uncovering and Visualizing Malicious Infrastructure - SANS Threat Hunting Summit 2018Using Splunk Internal Indexes to Audit Security, Users, Searches and more.Using Splunk Internal Indexes to Audit Security, Users, Searches and more.Playing with WannaCry RansomwarePlaying with WannaCry RansomwareThreat Hunting Beacon AnalysisThreat Hunting Beacon AnalysisQRadar detecting Phishing and RansomwareQRadar detecting Phishing and RansomwareSplunk Tutorials : SQL Injection DetectionSplunk Tutorials : SQL Injection DetectionSplunk SOAR Playbooks: Crowdstrike Malware TriageSplunk SOAR Playbooks: Crowdstrike Malware TriageUse Case : Finding New Local Admin AccountsUse Case : Finding New Local Admin AccountsSplunk Security Investigations, Part 1: Threat DetectionSplunk Security Investigations, Part 1: Threat DetectionCreating Reports in Splunk EnterpriseCreating Reports in Splunk EnterpriseIntro to Feature Engineering with TensorFlow - Machine Learning Recipes #9Intro to Feature Engineering with TensorFlow - Machine Learning Recipes #9Web Application Firewall Bypassing by Khalil BijjouWeb Application Firewall Bypassing by Khalil BijjouPalo Alto Networks- DNS SinkholePalo Alto Networks- DNS Sinkholeフォワーダーを使用したSplunk Cloudでのデータ取り込み方法フォワーダーを使用したSplunk Cloudでのデータ取り込み方法Covert Command and Control over DNS with BeaconCovert Command and Control over DNS with BeaconMachine Learning & AIOps: Why IT Operations & Monitoring Teams Should CareMachine Learning & AIOps: Why IT Operations & Monitoring Teams Should CareNetwork Forensic using WiresharkNetwork Forensic using WiresharkSplunk for Security Investigation: Endpoint Advanced Malware AnalysisSplunk for Security Investigation: Endpoint Advanced Malware AnalysisUsing Splunk DB ConnectUsing Splunk DB Connect
Статистика портала
Яндекс.Метрика
© 2008-2024 «Информационно-развлекательный портал города Верхняя Салда»
| Карта портала | Реклама | Контакты | Сообщить об ошибке | Соглашения
salda.ws salda.ws@mail.ru
Сейчас на сайте: 512 Статистика портала