OpenSourced Threat Hunting with Graylog + MISP + Sysmon
- Begins: 13:00
- Run time: 4 hours
Shows an open-source yet powerful setup and conducts Auto Hunting (IOC Matching Rules) and IOC/TTP-based Threat Hunting with the Graylog log processor.
This workshop relies on two virtual machines (Graylog / Windows+Sysmon) and on online MISP-exported threat feeds from the OpenCTI.BR project.
1st part (SETUP):
- LAB Review
- IOCs Onboarding
- Windows Device LOG Onboarding
2nd Part (Hunting):
- Auto Hunting IOC Matching Rules / "New Intel + New Logs" Alerts
- Auto Backwards IOC Threat Hunting / "New Intel + Old Logs" Alerts
- Manual IOC Threat Hunting
- Manual TTP based Threat Hunting
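The two "auto hunting" items above are the same join in opposite directions: match Sysmon event fields against MISP indicator values, either as each new log arrives or as each new indicator arrives against stored logs. The following is an added illustration, not code from the workshop or from Graylog/MISP; the MISP attributes, Sysmon-style events and the field-to-type mapping are all constructed sample data.

```python
# Added example (not from the workshop): IOC matching of Sysmon-style
# events against MISP-style attributes, in the two directions the agenda
# names. All indicators and events below are constructed sample data.
from collections import defaultdict

# Constructed MISP-style attributes (type, value) as a feed would export them.
MISP_ATTRIBUTES = [
    {"type": "ip-dst", "value": "203.0.113.77"},   # TEST-NET-3 documentation address
    {"type": "domain", "value": "bad.example"},    # reserved example TLD
    {"type": "sha256", "value": "a" * 64},         # placeholder hash value
]

# Which Sysmon fields are checked against which MISP attribute types (assumed mapping).
FIELD_TO_TYPES = {
    "DestinationIp": {"ip-dst"},   # Sysmon EID 3, network connection
    "QueryName": {"domain"},       # Sysmon EID 22, DNS query
    "Hashes": {"sha256"},          # Sysmon EID 1, process creation
}

def build_lookup(attributes):
    """Index attributes as type -> set of values (analogue of a Graylog lookup table)."""
    lookup = defaultdict(set)
    for attr in attributes:
        lookup[attr["type"]].add(attr["value"].lower())
    return lookup

def extract_values(field, raw):
    """Sysmon 'Hashes' is 'SHA256=...,MD5=...'; other fields hold a single value."""
    if field == "Hashes":
        return [p.split("=", 1)[1] for p in raw.split(",") if p.startswith("SHA256=")]
    return [raw]

def match_event(event, lookup):
    """Return the (field, value) pairs of one event that hit an indicator."""
    hits = []
    for field, types in FIELD_TO_TYPES.items():
        if field not in event:
            continue
        for value in extract_values(field, event[field]):
            if any(value.lower() in lookup[t] for t in types):
                hits.append((field, value))
    return hits

def hunt(events, attributes):
    """'New logs vs. current intel' and 'new intel vs. stored logs' are the same join;
    only which side is the new input differs. Returns (EventID, hit) per match."""
    lookup = build_lookup(attributes)
    return [(e["EventID"], h) for e in events for h in match_event(e, lookup)]

# Constructed Sysmon-style events: EID 1 process create, EID 3 network, EID 22 DNS.
EVENTS = [
    {"EventID": 1, "Image": "C:\\tmp\\x.exe", "Hashes": "SHA256=" + "a" * 64 + ",MD5=" + "b" * 32},
    {"EventID": 3, "DestinationIp": "203.0.113.77", "DestinationPort": "443"},
    {"EventID": 22, "QueryName": "GOOD.example"},
]
```

Calling `hunt(EVENTS, MISP_ATTRIBUTES)` is the forward case; calling `hunt(stored_events, newly_imported_attributes)` is the backwards case the second agenda item describes.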
- Cyber Security Executive with 15+ years of experience in cyber and information security. Strong experience leading cyber operations teams and services, with an intelligence-led and business-oriented mindset. Critical thinking and a problem-solving approach. Experienced in multi-vendor, multi-customer, multi-vertical environments, with good negotiation skills.