Introduction to Threat Hunting with Network Metadata

The network metadata the Vectra platform produces can be valuable for threat investigations. Have you wondered how you could make use of the same metadata to proactively hunt for threats? In this webinar, Vectra Sidekick MDR analysts will describe techniques to identify three common attacker behaviors in your environment. Sidekick analysts will walk you through the specific workflows for each attack technique, provide best practices for hunting in your own environment, and answer questions about how to threat hunt using the Vectra platform. Recall will be used for this webinar. However, the same methodologies can be applied to network metadata obtained from Stream. In this video you will learn how to:

► Hunt for three commonly utilized attack techniques
► Leverage multiple metadata types to uncover attack behavior
► Build custom Recall dashboards for your environment

More information: www.vectra.ai
► Website: https://www.vectra.ai/solutions/mitre-attack-model
► Ask a question on MITRE: https://support.vectra.ai/s/article/KB-VS-1158
► Blog: https://www.vectra.ai/blogpost/achieving-threat-hunting-consistency-with-the-mitre-att-ck-matrix
► Solution Brief: How Vectra Supports the MITRE Enterprise ATT&CK Framework https://www.vectra.ai/resources/cb-mitre-att-ck-for-enterprise

00:00 Introduction to Threat Hunting with Network Metadata
02:13 Why should you hunt?
03:19 Why hunt with network metadata?
04:38 What is Vectra Recall?
05:32 List of metadata streams
06:06 Common attributes to all metadata streams
06:40 What is DCSync?
09:43 Hunting for DCSync
10:20 Hunting for DCShadow
20:20 Hunting for PCExec

Video "Introduction to Threat Hunting with Network Metadata" from the Vectra AI channel
Video information
May 19, 2022, 1:09:02
00:50:45