Calling blue teamers, threat hunters, and database/SIEM engineers.
Learn how to get the most out of your Elastic ELK stack from the insights of real-world multi-TB/day deployments.
In addition, learn insights from large scale deployments of both Bro (Zeek) and Windows WEF.
Afterwards, apply threat hunting for both of these log sources inside of Kibana (ELK).
Finally, high-confidence alerting will be shown so you can provide immediate, practical value. You don’t need a team of “threat hunters”
Who should attend?
Database engineers for a SOC or any network/endpoint security database deployment.
Those using Bro (Zeek).
Those using Windows (WEF) logs.
Those who work with Elastic/ELK.
Portable device (laptop/tablet) that can connect to WiFi
Latest version of Google Chrome, Chromium, or Firefox
30 mins Breaks sprinkled in between the 3 sessions
35 mins Bro logs in threat hunting use cases
35 mins Windows Log (WEF) threat hunting use cases
100 mins Using Kibana for threat hunting on Windows and Bro (Zeek) logs
40 mins Using SIGMA signature framework for alerting and targeted high confidence threat hunting inside ELK.