OpenSourced Threat Hunting with Graylog + MISP + Sysmon

Info

Start: 2021-06-20 13:00
End: 2021-06-20 17:00
Location: Virtual

Abstract

This workshop shows an open-source yet powerful setup and conducts auto hunting (IOC matching rules) and IOC/TTP-based threat hunting with the Graylog log processor.

The workshop relies on two virtual machines (Graylog / Windows + Sysmon) and online MISP-exported threat feeds from the OpenCTI.BR project.

1st part (Setup):

  • LAB Review
  • IOCs Onboarding
  • Windows Device LOG Onboarding

2nd part (Hunting):

  • Auto Hunting IOC Matching Rules / “New Intel + New Logs” Alerts
  • Auto Backwards IOC Threat Hunting / “New Intel + Old Logs” Alerts
  • Manual IOC Threat Hunting
  • Manual TTP-based Threat Hunting
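The two automatic alert modes named in the agenda, as an added illustration that is not part of the workshop material or of the Graylog/MISP tooling: a MISP-style IOC index is matched against Sysmon-style events, forward over live logs (“New Intel + New Logs”) and backward over archived logs when a later IOC batch arrives (“New Intel + Old Logs”). Field names follow Sysmon's event schema and MISP attribute types; all IOC values and events are constructed.

```python
# Two alert modes from the agenda: check each arriving log against the current
# IOC index (new intel + new logs), and replay archived logs whenever a fresh
# IOC batch lands (new intel + old logs). All IOCs and events are constructed.
def index_intel(attributes):
    """Build {misp_type: {lowercased value, ...}} from MISP-style attribute dicts."""
    idx = {}
    for a in attributes:
        idx.setdefault(a["type"], set()).add(a["value"].lower())
    return idx

def observables(event):
    """Pull IOC-comparable fields out of a Sysmon event (Event IDs 1, 3, 22)."""
    eid, out = event["EventID"], []
    if eid == 3:                                  # network connection
        out.append(("ip-dst", event["DestinationIp"]))
        if event.get("DestinationHostname"):
            out.append(("domain", event["DestinationHostname"]))
    elif eid == 1:                                # process create: Hashes="SHA256=...,MD5=..."
        for part in event["Hashes"].split(","):
            algo, _, digest = part.partition("=")
            out.append((algo.lower(), digest))
    elif eid == 22:                               # DNS query
        out.append(("domain", event["QueryName"]))
    return [(t, v.lower()) for t, v in out]       # normalise case before comparing

def match(event, idx):
    return [(t, v) for t, v in observables(event) if v in idx.get(t, ())]

def forward_hunt(new_events, idx):
    """New Intel + New Logs: incoming events are matched against the live IOC index."""
    return [(e["ts"], hit) for e in new_events for hit in match(e, idx)]

def backward_hunt(new_attributes, archived_events):
    """New Intel + Old Logs: only the fresh IOC batch is replayed over stored events."""
    return forward_hunt(archived_events, index_intel(new_attributes))

# Constructed sample data (RFC 5737 addresses, .invalid names, repeating hex digests).
INTEL = [{"type": "ip-dst", "value": "203.0.113.45"}, {"type": "domain", "value": "c2.invalid"}]
LATE_INTEL = [{"type": "sha256", "value": "AB" * 32}]   # published after ARCHIVE was logged
ARCHIVE = [
    {"ts": 100, "EventID": 1, "Hashes": "SHA256=" + "ab" * 32 + ",MD5=" + "cd" * 16},
    {"ts": 101, "EventID": 22, "QueryName": "update.invalid"},
]
LIVE = [
    {"ts": 200, "EventID": 3, "DestinationIp": "203.0.113.45", "DestinationHostname": "C2.INVALID"},
    {"ts": 201, "EventID": 3, "DestinationIp": "198.51.100.7", "DestinationHostname": ""},
]
if __name__ == "__main__":
    print(forward_hunt(LIVE, index_intel(INTEL)))   # two hits on ts=200
    print(backward_hunt(LATE_INTEL, ARCHIVE))       # sha256 hit on ts=100
```

In a Graylog deployment the same two paths are a lookup-table match in a processing pipeline for live messages and a scheduled search over stored indices for the backwards case; the stored-log replay is what turns a late IOC publication into an alert on an older compromise.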

Bruno Diniz

@brunogdiniz

Cyber Security Executive with 15+ years of experience in cyber and information security. Strong experience leading cyber operations teams and services, with an intelligence-led and business-thinking mindset. Critical-thinking and problem-solving approach. Experienced in multi-vendor, multi-customer, multi-vertical environments, with good negotiation skills.