OpenSourced Threat Hunting with Graylog + MISP + Sysmon

Trainer

Bruno Diniz

Schedule

  • Begins: 13:00
  • Run time: 4 hours

Abstract

This workshop shows an open-source yet powerful setup and uses it to conduct automated hunting (IOC matching rules) and IOC/TTP-based threat hunting with the Graylog log processor.

The workshop relies on two virtual machines (Graylog, and Windows with Sysmon) and on online MISP-exported threat feeds from the OpenCTI.BR project.

1st part (SETUP):

  • LAB Review
  • IOCs Onboarding
  • Windows Device LOG Onboarding

2nd Part (Hunting):

  • Auto Hunting IOC Matching Rules / "New Intel + New Logs" Alerts
  • Auto Backwards IOC Threat Hunting / "New Intel + Old Logs" Alerts
  • Manual IOC Threat Hunting
  • Manual TTP based Threat Hunting
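The two automated modes on the agenda differ only in which side of the comparison is "new": either incoming logs are checked against the full IOC table, or freshly imported IOCs are replayed over the retained log history. The following is an added illustration of that distinction in plain Python; it is not material from the workshop, nor Graylog or MISP code. The field-to-IOC-type mapping, the feed attribute shape and every IP, domain and hash value are constructed for the example (documentation ranges and the .test TLD are used).

```python
"""Toy IOC matcher illustrating "New Intel + New Logs" (forward matching)
and "New Intel + Old Logs" (backwards hunting) over Sysmon-style events.
Added example: not workshop, Graylog or MISP code. All values are constructed."""

import re

# Assumption: this mapping from Sysmon-style field names to MISP attribute
# types is the example's own choice, not a Graylog or MISP default.
FIELD_TO_IOC_TYPE = {
    "destination_ip": "ip-dst",   # Sysmon Event ID 3 (network connection)
    "query_name": "domain",       # Sysmon Event ID 22 (DNS query)
}
# Sysmon writes hashes as "MD5=...,SHA256=...,..." in one field.
SHA256_RE = re.compile(r"SHA256=([0-9a-fA-F]{64})")

SAMPLE_HASH = "0123456789abcdef" * 4  # constructed, not a real file hash

# Constructed feed attributes, in the {type, value} shape of a MISP export.
KNOWN_FEED = [
    {"type": "ip-dst", "value": "203.0.113.10", "source": "feed-alpha"},
    {"type": "domain", "value": "c2.example.test", "source": "feed-alpha"},
]
NEW_FEED = [
    {"type": "sha256", "value": SAMPLE_HASH.upper(), "source": "feed-beta"},
    {"type": "ip-dst", "value": "198.51.100.7", "source": "feed-beta"},
]

# Constructed Sysmon-like events already retained in the log store.
STORED_EVENTS = [
    {"event_id": 3, "host": "ws01", "destination_ip": "198.51.100.7",
     "timestamp": "2024-01-01T09:00:00Z"},
    {"event_id": 22, "host": "ws02", "query_name": "C2.Example.Test",
     "timestamp": "2024-01-01T09:05:00Z"},
    {"event_id": 1, "host": "ws03", "hashes": "MD5=0,SHA256=" + SAMPLE_HASH.upper(),
     "timestamp": "2024-01-01T09:10:00Z"},
]
# Constructed events arriving after the feeds were loaded.
NEW_EVENTS = [
    {"event_id": 3, "host": "ws04", "destination_ip": "203.0.113.10",
     "timestamp": "2024-01-02T10:00:00Z"},
    {"event_id": 22, "host": "ws04", "query_name": "updates.example.test",
     "timestamp": "2024-01-02T10:01:00Z"},
]


def build_ioc_table(attributes):
    """Index feed attributes as {type: {value: source}}, case-folded so that
    matching is not defeated by mixed-case hashes or domains."""
    table = {}
    for attr in attributes:
        table.setdefault(attr["type"], {})[attr["value"].strip().lower()] = attr["source"]
    return table


def extract_observables(event):
    """Return the (ioc_type, value) pairs present in one event, case-folded."""
    found = [(ioc_type, event[field].lower())
             for field, ioc_type in FIELD_TO_IOC_TYPE.items() if field in event]
    match = SHA256_RE.search(event.get("hashes", ""))
    if match:
        found.append(("sha256", match.group(1).lower()))
    return found


def match_event(event, iocs):
    """Compare one event against an IOC table; return one alert per hit."""
    alerts = []
    for ioc_type, value in extract_observables(event):
        source = iocs.get(ioc_type, {}).get(value)
        if source is not None:
            alerts.append({"host": event["host"], "event_id": event["event_id"],
                           "ioc_type": ioc_type, "value": value,
                           "source": source, "timestamp": event["timestamp"]})
    return alerts


def hunt_new_logs(new_events, iocs):
    """"New Intel + New Logs": each incoming event is checked against the full IOC table."""
    return [alert for event in new_events for alert in match_event(event, iocs)]


def hunt_new_intel(new_iocs, stored_events):
    """"New Intel + Old Logs": only freshly imported IOCs are replayed over the history."""
    return [alert for event in stored_events for alert in match_event(event, new_iocs)]


if __name__ == "__main__":
    known = build_ioc_table(KNOWN_FEED)
    for alert in hunt_new_logs(NEW_EVENTS, known):
        print("forward :", alert)
    for alert in hunt_new_intel(build_ioc_table(NEW_FEED), STORED_EVENTS):
        print("backward:", alert)
```

Case-folding at both import and extraction is what keeps the second stored event (a mixed-case DNS query) and the upper-case hash from slipping past the match; the backwards mode deliberately uses only the new IOC table, so a large feed import does not re-scan history against indicators that were already evaluated when the logs arrived.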

Bio

Bruno Diniz

  • @brunogdiniz
  • Cyber Security Executive with 15+ years of experience in cyber and information security. Strong experience leading cyber operations teams and services, with an intelligence-led and business-oriented mindset. Critical-thinking and problem-solving approach. Experienced in multi-vendor, multi-customer, multi-vertical environments, with good negotiation skills.