Mastering Next Gen SIEM Use Cases (Part 1)

•Descargar como PPTX, PDF•

1 recomendación•166 vistas

This document discusses threat hunting and next generation SIEM use cases. It will cover changing how detection is approached, objectives and strategies for hunting threats, and setting up a threat hunting workshop. The presenter is the founder and CEO of NETMONASTERY, which built DNIF, an integrated threat hunting platform. Over the course of three sessions, attendees can expect to learn strategies and processes for threat hunting, how to think about known and unknown threats, and how to set up the tools and playbooks needed to successfully implement threat hunting in their environment.

Tecnología

© Copyright 2017 NETMONASTERY Inc
Mastering NextGen
SIEM Use Cases
1
Shomiron DAS GUPTA, Founder, CEO
NETMONASTERY Inc.
BUILDING LOGIC FOR HUNTING ADVANCED THREATS
CAT
SERIES

© Copyright 2017 NETMONASTERY Inc
Who is this speaking?
2
Founder of NETMONASTERY, we built DNIF - An
Integrated Threat Hunting Platform for the CSOC
Research on Detection, Hunting and …. ML
One of the few guys that does defense for a
living
GCIA 2000 - 18Yrs of Intrusion Detection,
Handling
WHAT I DO FOR A LIVING
@shomiron

© Copyright 2017 NETMONASTERY Inc
What can we expect to learn
3
1. Change the we think about detection
2. More about Objectives, Strategies and Tools
3. Use Case Workshop - Threat Hunting Process
4. Thinking SWIFT
5. How to setup your threat hunting workshop
THIS THREE PART SERIES

© Copyright 2017 NETMONASTERY Inc
Agenda Items
1. Objectives - of what we are trying to achieve
2. Strategy - on how we will need to think
3. Process - breakdown of the steps
4. The Toolkit - we will need to get started
5. Q & A
4
THIS SESSION - PART 1

© Copyright 2017 NETMONASTERY Inc
RATHER … WHAT IS THREAT HUNTING
ProActively
Looking for
Threats, EOI’s,
IOC’s
Objectives for NextGen SIEM
5
Use 3rd party
validation to
identify false
positives
Engineer security
strategies into
playbooks

© Copyright 2017 NETMONASTERY Inc
6
STRATEGY

© Copyright 2017 NETMONASTERY Inc 7
Strategy for NextGen Threats
known - known
Threats you know about and you know how to
detect them - THINK SIEM
known - unknown
Threats you know about but you don’t know
how to detect them
unknown - unknown
Threats that you don’t know about and you
don’t know how to detect them
YOU VS YOUR ADVERSARIES - DONALD RUMSFELD
Donald RUMSFELD

© Copyright 2017 NETMONASTERY Inc
■ NextGen SIEM / Threat Hunting Platform
● Critical Event Sources
● Integrations for Validation, Response
■ 3rd Party Validation Sources
● File, Hash, Domain, URL, Email, Registrar, IP, ASN
■ Playbook Repo for the SOC
● Build / Modify
● Train / Assist
Toolkit for NextGen Threats
9
HOW TO SUCCEED WITH THREAT HUNTING

© Copyright 2017 NETMONASTERY Inc
Attack Surfaces
10
TARGET THREAT LANDSCAPE
USER ENDPOINT APPLICATIONCREDENTIALS
Insider Attack Credential Theft
Endpoint
Compromise
Application
Attack
Building Use Cases to Detect Anomalies to
Each Attack Surface

© Copyright 2017 NETMONASTERY Inc
Next Session
11
USE CASE WORKSHOP
USER ENDPOINT APPLICATIONCREDENTIALS
Insider Attack Credential Theft
Endpoint
Compromise
Application
Attack
Building Use Cases to Detect Anomalies to
Each Attack Surface

Más contenido relacionado

La actualidad más candente

How to Recover from a Ransomware Disaster

Spanning Cloud Apps

Understanding ransomware

Prathan Phongthiproek

Talk1 esc7 muscl-dataprotection_v1_2

Sylvain Martinez

Are you a top manager, business owner, or CISO, responsible for your company’s information security? Do you want to understand how much you should invest in cybersecurity, and what is more important – how to measure the efficiency of security investment (ROSI)? Do you want to know how much other organizations invest in a corporate security of small, medium, and enterprise businesses in Ukraine and the world? And what are the indicators you should follow when evaluating your company’s security program? We will help you deal with these and other difficult questions, different points of view and find some answers on the webinar by Berezha Security Group professionals. The VIDEO WITH WEBINAR in English is by the link: https://youtu.be/IVCVpi8Eo6g Questions to discuss: 1. What should CISOs and top managers know about Return on Security Investment? 2. Average costs of corporate security for small, medium, and enterprise businesses. 3. Investing in cybersecurity: how to showcase the effectiveness? 4. Leading indicators of cybersecurity investment effectiveness on practice. 5. Are there any “secrets” of effective cybersecurity investment? 6. What cybersecurity strategy will bring the best Return on Security Investment? 7. Strategic services for planning a cybersecurity program. 8. Questions and Answers. Our speakers -Vlad Styran, CISSP CISA, Co-founder & CEO, BSG Vlad is an internationally known cybersecurity expert with over 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness. He is a BSG Co-founder & CEO and responsible for business and cybersecurity strategies. He could help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. Also, he acts as a speaker, blogger, podcaster in his volunteer activities. - Andriy Varusha, CISSP, Co-founder & CSO, BSG Andriy is an experienced top manager in IT-audit, consulting, and IT project management by leading outsourcing teams in Ukraine, Poland, and the USA. He also is keen on building customer relationships within the US, UK, and Western Europe geographies. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity. Who we are? Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly, so we know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance. Our contacts: hello@bsg.tech ; https://bsg.tech

Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...

Berezha Security Group

Ict conf td-evs_pcidss-final

Dejan Jeremic

Ransomware is typically initiated via phishing or social engineering tactics, these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are impartial to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption. The scariest about these methods is that the Ransomware doesn't need to be developed by the attackers. Ransomware services can now be purchased on the DarkWeb and used at the Cybercriminal's will (RAAS). As these Ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these evergrowing attacks? Join us in our latest webinar with Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato).

Ransomware Has Evolved And So Should Your Company

Veriato

Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal. YOU'LL LEARN: Security by design in Drupal Site audit and security best practices Encrypting sensitive data Key management (encryption & API) Resources to improve security

Security by Design: An Introduction to Drupal Security

Tara Arnold

After the completeness of over 50 Penetration Testing and Application Security projects during the 2020 year and many more since 2014, the BSG team shares its expertise in finding security vulnerabilities across many business verticals and industries. On the webinar, we will talk about: 1. Typical threat model of a modern business organization. 2. How the COVID-19 pandemic has changed that threat model? 3. What is Threat Modeling, and how it works for the BSG clients? 4. What is DARTS and how we secure sensitive customer data? 5. What is the BSG Web Application Pentester Training and why? 6. Top 10 critical cybersecurity vulnerabilities we found in 2020. We help our customers address their future security challenges: prevent data breaches and achieve compliance. *Slides - English language *Webinar - Ukrainian language The link on the webinar: https://youtu.be/fkdafStSgZE BSG 2020 Business Outcomes and Security Vulnerabilities Report: https://bit.ly/bsg2020report Contact details: https://bsg.tech hello@bsg.tech

Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...

Berezha Security Group

THE TIME HAS COME TO REPLACE YOUR ANTIVIRUS SOLUTION Legacy AV products are failing to stop modern threats. That’s why AV replacement is a hot topic in the industry and why enterprises in every sector are looking for answers. As breaches continue to dominate the headlines, you need to know that there is a new approach that can close the wide security gap left by yesterday’s AV solutions. Defending against today’s sophisticated polymorphic threats requires new weapons and that’s just what the CrowdStrike Falcon Platform delivers. The key to this new approach is going beyond malware to addressing the most complex and persistent cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent. In this CrowdCast, Dan Larson, VP, Product Marketing will discuss: --The typical challenges with legacy antivirus, from efficacy to complexity & bulky architecture --How CrowdStrike stands above competitive offerings by providing robust threat prevention leveraging artificial intelligence and machine learning --How Falcon’s lightweight sensor and cloud architecture dramatically reduces operational burden --How you can seamlessly migrate from legacy antivirus to CrowdStrike Falcon --Why CrowdStrike was positioned as a “Visionary” in the 2017 Gartner Magic Quadrant for Endpoint Protection Solutions and what it says about our standing as an effective AV replacement

How to Replace Your Legacy Antivirus Solution with CrowdStrike

CrowdStrike

Aram H., researcher at DistriNet - KULeuven, presented the LINDDUN methodology (°2010) in already a bit simplified form (3 instead of 6 steps) while the team is working to further operationalise it AND align it with GDPR. With LINDDUN you systematically approach the technical elements of appropriate measures to protect the data in 3 steps: 1 describe the data (flow) elements 2 elicit threats relating to linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-compliance (and focus by making reasonable assumptions) 3 manage the threats, especially by mitigating them based on the threat taxonomy You can find more on the methodology on linddun.org This presentation was part of a series of presenters that filled the Privacy Design Lab that was organised by / together with the US Chamber of Commerce on 6 November 2017.

20171106 - Privacy Design Lab - LINDDUN

Brussels Legal Hackers

The state of endpoint defense in 2021

Adrian Sanabria

The Cyber Attack Risk

Skyport Systems

Ransomware like CryptoLocker has infiltrated countless businesses, encrypted files and demanded a pound of flesh for their safe release. With no relief in sight and new variations emerging regularly, ransomware continues to be one of the most widespread and damaging threats to businesses today. Now, more than ever, businesses need to have rock solid backup and disaster recovery systems in place to ensure continuity.

How to Take the Ransom Out of Ransomware

marketingunitrends

Triangulum - Ransomware Evolved - Why your backups arent good enough

Martin Opsahl

Mobile Security Assessment

Sylvain Martinez

OWASP Day - OWASP Day - Lets secure!

Prathan Phongthiproek

Ransomware. The very word strikes fear into the hearts of admins, backup specialists, and security pros. Backup software vendors know if all your data is not protected, there is a good chance that if (when?) ransomware hits, you will most likely lose data. But, what should scare you more is less than half of ransomware victims fully recover their data, even with backup. What can you do to make sure you are not on the wrong side of a statistic?

Ransomware: Why Are Backup Vendors Trying To Scare You?

marketingunitrends

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

Symantec

VIRTUAL CISO AND OTHER KEY CYBER ROLES

Sylvain Martinez

Wannacry & Petya ransomware

Raghavendra P.V

La actualidad más candente (20)

How to Recover from a Ransomware Disaster

Understanding ransomware

Talk1 esc7 muscl-dataprotection_v1_2

Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...

Ict conf td-evs_pcidss-final

Ransomware Has Evolved And So Should Your Company

Security by Design: An Introduction to Drupal Security

Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...

How to Replace Your Legacy Antivirus Solution with CrowdStrike

20171106 - Privacy Design Lab - LINDDUN

The state of endpoint defense in 2021

The Cyber Attack Risk

How to Take the Ransom Out of Ransomware

Triangulum - Ransomware Evolved - Why your backups arent good enough

Mobile Security Assessment

OWASP Day - OWASP Day - Lets secure!

Ransomware: Why Are Backup Vendors Trying To Scare You?

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

VIRTUAL CISO AND OTHER KEY CYBER ROLES

Wannacry & Petya ransomware

Similar a Mastering Next Gen SIEM Use Cases (Part 1)

Mastering next gen-siem-usecases-part1

Priyanka Aash

Today's threats demand a more active role in detecting and isolating sophisticated attacks. This must-see presentation provides practical guidance on modernizing your SOC and building out an effective threat hunting program. Ed Amoroso and David Bianco discuss best practices for developing and staffing a modern SOC, including the essential shifts in how to think about threat detection. Watch the presentation with audio here: http://info.sqrrl.com/webinar-modernizing-your-security-operations

Modernizing Your SOC: A CISO-led Training

Sqrrl

Netwatcher Credit Union Tech Talk

NetWatcher

OSB50: Operational Security: State of the Union

Ivanti

As the security industry has grown we've seen every aspect of our world become more complicated and more overwhelming. We're consistently promised solutions and technology to make our lives easier, to stop the attacker, to catch them quicker, to automate the pain away, but the reality falls flat. Frankly, it's underwhelming. Understanding where your program stands today, where you should spend time and resources, and how best to reduce risk to your organization are key aspects of any program. Join us to discuss and discover what some of the largest organizations in the world are doing to try to make sense of it all, and how they got there.

[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...

CODE BLUE

The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.

#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm

Shawn Tuma

What it Takes to be a CISO in 2017

Doug Copley

Endpoints are everywhere, and endpoint security is evolving. Endpoints also remain the most attractive target for hackers as a point of entry for attacks because they’re connected to the weakest link in enterprise data protection: humans. View the SlideShare to learn: --Why evolving threats require increased endpoint defense capabilities. --What organizations can do to protect against known and unknown threats, while reducing manual processes for administrators. --The primary capabilities of endpoint detection and response (EDR) tools, and how you can find the right fit for your business. --Where your organization sits on the endpoint security maturity scale. --Keys to maturing your endpoint security strategy. A new generation of products and services is helping organizations keep pace with modern threats and advance beyond traditional, prevention-oriented endpoint protection to a more comprehensive — and realistic — focus on detection and incident response.

Maturing Endpoint Security: 5 Key Considerations

Sirius

Effective Security Operation Center - present by Reza Adineh

ReZa AdineH

The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit

Shawn Tuma

knowthyself : Internal IT Security in SA

SensePost

ITD BSides PDX Slides

EricGoldstrom

Why Your Organization Must Have a Cyber Risk Management Program and How to De...

Shawn Tuma

Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy

Stephanie McVitty

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

mdagrossa

It is given that you will be hacked, irrespective of your level of cyber security. Learn how you can detect, respond & recover from cyber attacks. Quicker. Key Content: 1. The threat landscape and how existing monitoring and response capabilities are ineffective in detecting and responding to advanced cyber attacks 2. Lifecycle and speed of an attack and how early detection can help in responding and managing losses 3. Blueprint for an effective (and vendor agnostic) Incident Management Program If you have been tracking the Cyber Security News lately, one thing is for sure - Cyber Attacks are imminent and it is a matter of time when you will be the next one to come under an attack, if not already. What Robert Mueller, Former Director of FBI said in RSA Conference in March 2012 is still very relevant. "I am convinced that there are only two types of companies: those that have been hacked and those that will be. ” and what he says further makes it worse "And even they are converging into one category: companies that have been hacked and will be hacked again." Cyber attacks are no more a work of lone warriors or a group of hackers but involve cyber crime syndicates, collaborating and pumping large amount of money, precision, knowledge, expertise and persistence. Their capabilities are equal if not better than state sponsors. Data says that cyber security incidents affects all kinds of organizations - small, medium or large and across all industries - financial, telecom, utility, health care, education and more. Organizations fail to detect and respond to security incidents due to weak monitoring capabilities and lack of expertise, tools and procedures. In this webinar we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber attacks.

Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack

Aujas

Threat hunting 101 by Sandeep Singh

OWASP Delhi

A day in the life of a threat intelligence analyst is often hectic and ever-changing. Threats and related data abound, and an analyst must look at all angles and scenarios before making recommendations. As information security, in general, garners more interest throughout the enterprise, an analyst’s time is more in demand and he or she might be required to provide frequent updates or participate in meetings to which they’ve never previously been invited. So, how can a threat analyst keep up? With so much to do each and every day, smart threat intelligence analysts practice habits that make them more effective and efficient. Above we’ve outlined seven of those habits so you can provide your organization even more value.

7 Habits of Smart Threat Intelligence Analysts

Recorded Future

CounterTack: 10 Experts on Active Threat Management

Mighty Guides, Inc.

A key business goal of any organization is to maintain the constant availability of data and systems that can be trusted for decision-making purposes. The evolving threat landscape has resulted in increasing focus, right to board level, on cybersecurity. IT operational and security teams should demonstrate a comprehensive, cohesive approach in their response to security incidents and data breaches.

A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...

Kaspersky

Similar a Mastering Next Gen SIEM Use Cases (Part 1) (20)

Mastering next gen-siem-usecases-part1

Modernizing Your SOC: A CISO-led Training

Netwatcher Credit Union Tech Talk

OSB50: Operational Security: State of the Union

[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...

#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm

What it Takes to be a CISO in 2017

Maturing Endpoint Security: 5 Key Considerations

Effective Security Operation Center - present by Reza Adineh

The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit

knowthyself : Internal IT Security in SA

ITD BSides PDX Slides

Why Your Organization Must Have a Cyber Risk Management Program and How to De...

Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack

Threat hunting 101 by Sandeep Singh

7 Habits of Smart Threat Intelligence Analysts

CounterTack: 10 Experts on Active Threat Management

A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...

Más de DNIF

Beyond blacklists - A cyber threat intelligence perspective

DNIF

This presentation showcased live during the DNIF KONNECT meetup on 19th December 2019. We have our presenter: Ruchir Shah- Account Manager at DNIF, walk us through the importance of SOAR Some key points discussed during the meetup: -Understand, what is SOAR. -The problems a SOAR solution solves. -Real-time demo by DNIF expert on SOAR. Watch the full presentation here: https://www.youtube.com/watch?v=bCp-WAs6w5I

Insight into SOAR

DNIF

This presentation showcased live during the DNIF Konnect meetup on 14th November 2019. We have our guest presenter: Sudhan Pathak and Nabeel Shaikh - MBA student at Symbiosis centre for Information Technology, walk us basics and some of the challenges at Capture The Flag (CTF). Some key points discussed during the meetup: -Introduction to NXLogs. -Find out how using NXLogs with DNIF can make life easier for security analysts. -Introduction to the concepts of capture the flag (CTF). -Learn how users can easily manage their DNIF components. Watch the full presentation here: https://www.youtube.com/watch?v=UHE9-oYatiY

A closer look at CTF challenges

DNIF

This presentation showcased live during the DNIF Konnect meetup on 5th September 2019. We have our guest presenter: Mr. Mikhail Moskvin - Cyber Security Expert from Kaspersky, walk us through some key points related to benefits and practical applications of threat intelligence. Some key points discussed during the meetup: - Introduction to threat intelligence. - Strategies to implement threat intelligence with SIEM. - Practical use cases on using KASPERSKY Threat Intelligence Portal with DNIF. - How SOC teams can leverage threat intelligence aand validation. Watch the full presentation here: https://youtu.be/C89lTX13Vcw?t=1284

Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION

DNIF

CVE Analysis using vFeed

DNIF

Container Security Essentials

DNIF

Importance of having a vulnerability management | Vfeed

DNIF

Anatomy of Persistence Techniques & Strategies to Detect

DNIF

User Behavior Analytics Using Machine Learning

DNIF

Process Whitelisting With VirusTotal

DNIF

VirusTotal Threat Intelligence and DNIF Use Cases

DNIF

In this virtual meetup of DNIF KONNNECT (04.04.2019), where the growing DNIF community connects, interacts, shares and helps each other to grow and learn about the latest in threat hunting and many more...this time we have Mr. Ankit Panchal from NSDL who shall demonstrate an end to end demo of how you can achieve security maturity. Learn more about DNIF KONNECT here - https://dnif.it/dnif-konnect.html Learn more about DNIF KONNECT here - https://dnif.it/dnif-konnect.html

Threat hunting and achieving security maturity

DNIF

Kaspersky Threat Intelligence Portal and DNIF Use Cases

DNIF

Data Analytics in Cyber Security

DNIF

Más de DNIF (14)

Beyond blacklists - A cyber threat intelligence perspective

Insight into SOAR

A closer look at CTF challenges

Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION

CVE Analysis using vFeed

Container Security Essentials

Importance of having a vulnerability management | Vfeed

Anatomy of Persistence Techniques & Strategies to Detect

User Behavior Analytics Using Machine Learning

Process Whitelisting With VirusTotal

VirusTotal Threat Intelligence and DNIF Use Cases

Threat hunting and achieving security maturity

Kaspersky Threat Intelligence Portal and DNIF Use Cases

Data Analytics in Cyber Security

Último

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

DBX First Quarter 2024 Investor Presentation

Dropbox

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Mastering Next Gen SIEM Use Cases (Part 1)

2. © Copyright 2017 NETMONASTERY Inc Who is this speaking? 2 Founder of NETMONASTERY, we built DNIF - An Integrated Threat Hunting Platform for the CSOC Research on Detection, Hunting and …. ML One of the few guys that does defense for a living GCIA 2000 - 18Yrs of Intrusion Detection, Handling WHAT I DO FOR A LIVING @shomiron

3. © Copyright 2017 NETMONASTERY Inc What can we expect to learn 3 1. Change the we think about detection 2. More about Objectives, Strategies and Tools 3. Use Case Workshop - Threat Hunting Process 4. Thinking SWIFT 5. How to setup your threat hunting workshop THIS THREE PART SERIES

4. © Copyright 2017 NETMONASTERY Inc Agenda Items 1. Objectives - of what we are trying to achieve 2. Strategy - on how we will need to think 3. Process - breakdown of the steps 4. The Toolkit - we will need to get started 5. Q & A 4 THIS SESSION - PART 1

5. © Copyright 2017 NETMONASTERY Inc RATHER … WHAT IS THREAT HUNTING ProActively Looking for Threats, EOI’s, IOC’s Objectives for NextGen SIEM 5 Use 3rd party validation to identify false positives Engineer security strategies into playbooks

7. © Copyright 2017 NETMONASTERY Inc 7 Strategy for NextGen Threats known - known Threats you know about and you know how to detect them - THINK SIEM known - unknown Threats you know about but you don’t know how to detect them unknown - unknown Threats that you don’t know about and you don’t know how to detect them YOU VS YOUR ADVERSARIES - DONALD RUMSFELD Donald RUMSFELD

8. © Copyright 2017 NETMONASTERY Inc Process Engineering 8 SHORTEST PATH TO SUCCESS Marking out a boundary It always helps in rolling out detection strategies that can be measured, large infrastructures have the tendency to generate noisy results. Limiting scope and growing in phases .. helps. Identify, watch and learn Build from what you know, start marking out your challenge areas and learn from activities that you would like to monitor the idea is to identify the current state and detect anomalies against the profile. Detect outliers from events Build profilers that run past recorded datasets to identify events that have never been seen before or anomalies that have crossed the known good patterns of operations. Investigate and feed forward Using hunting strategies to cross validate threats against 3rd party sources and actively investigate events to identify FP’s. Feed forward to the learning chain and to rationalize scores.

9. © Copyright 2017 NETMONASTERY Inc ■ NextGen SIEM / Threat Hunting Platform ● Critical Event Sources ● Integrations for Validation, Response ■ 3rd Party Validation Sources ● File, Hash, Domain, URL, Email, Registrar, IP, ASN ■ Playbook Repo for the SOC ● Build / Modify ● Train / Assist Toolkit for NextGen Threats 9 HOW TO SUCCEED WITH THREAT HUNTING

10. © Copyright 2017 NETMONASTERY Inc Attack Surfaces 10 TARGET THREAT LANDSCAPE USER ENDPOINT APPLICATIONCREDENTIALS Insider Attack Credential Theft Endpoint Compromise Application Attack Building Use Cases to Detect Anomalies to Each Attack Surface

11. © Copyright 2017 NETMONASTERY Inc Next Session 11 USE CASE WORKSHOP USER ENDPOINT APPLICATIONCREDENTIALS Insider Attack Credential Theft Endpoint Compromise Application Attack Building Use Cases to Detect Anomalies to Each Attack Surface

12. Thank You shom@dnif.it 12

Notas del editor

Marking out a boundary - limit your scope Identify threads to monitor and learn Identify outliers Investigate

Mastering Next Gen SIEM Use Cases (Part 1)

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Mastering Next Gen SIEM Use Cases (Part 1)

Similar a Mastering Next Gen SIEM Use Cases (Part 1) (20)

Más de DNIF

Más de DNIF (14)

Último

Último (20)

Mastering Next Gen SIEM Use Cases (Part 1)

Notas del editor