Toppling the Stack: Outlier Detection for Threat Hunters - SANS Threat Hunting Summit 2017
So much of what we do as hunters is based on finding oddballs, but most published hunt procedures seem to rely on a single method: stack counting. In this session, we’ll examine a few other ways of finding outliers in your data, with samples and use cases for each.
David J. Bianco (@davidjbianco), Principal Engineer, Cyber Security, Target
David J. Bianco, Principal Engineer, Cyber Security, Target
David has over 20 years experience in the information security field, with the last 15 focusing on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net) and a member of the MLSec Project (http://www.mlsecproject.org). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com). @DavidJBianco
Видео Toppling the Stack: Outlier Detection for Threat Hunters - SANS Threat Hunting Summit 2017 канала SANS Digital Forensics and Incident Response
David J. Bianco (@davidjbianco), Principal Engineer, Cyber Security, Target
David J. Bianco, Principal Engineer, Cyber Security, Target
David has over 20 years experience in the information security field, with the last 15 focusing on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net) and a member of the MLSec Project (http://www.mlsecproject.org). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com). @DavidJBianco
Видео Toppling the Stack: Outlier Detection for Threat Hunters - SANS Threat Hunting Summit 2017 канала SANS Digital Forensics and Incident Response
Показать
Комментарии отсутствуют
Информация о видео
3 мая 2017 г. 1:31:13
00:39:30
Другие видео канала
Threat Hunting via Sysmon - SANS Blue Team Summit
Suricata IDS & IPS VS Kali-Linux Attack
Quantify Your Hunt: Not Your Parents’ Red Team - SANS Threat Hunting Summit 2018
Threat Detection and Hunting for Common MITRE ATT&CK Techniques
The Cycle of Cyber Threat Intelligence
Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018
Using the MITRE ATT&CK Framework with Exabeam for Threat Hunting and Investigations
Threat Hunting — Demystified
How to Build Threat Hunting into Your Security Operations
Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017
SANS Technology Institute Graduate Program: An Insider's View
Cyber Threat Hunting: Identify and Hunt Down Intruders
iOS Third Party Apps Analysis how to use the new reference guide poster
"Scalable Anomaly Detection (with Zero Machine Learning)" by Arthur Gonigberg
Day 2 Wrap-Up Panel | SANS CTI Summit 2-21
Episode 187: When to Stop Looking for Evidence - Part 3
Will they Read my Reports? - Creating Value Driven Reports | Christopher Lopez | SANS CTI Summit
Episode 194: Apple RAM Acquisition - Part 1
Episode 200: The Final Episode
Episode 188: When to Stop Looking for Evidence - Part 4