About this Event
Workshop - Threat Hunting with Jupyter Notebooks
Are you interested in threat hunting and want to learn how to automate detections and use visualizations to find threats quickly? This workshop outlines detection and threat-hunting strategies that a SOC can adopt promptly to look for threats in its endpoint environment. We will show how to convert Sigma detection logic, mapped to the MITRE ATT&CK framework, into Python inside Jupyter Notebooks. Once these detections are built, you can parse large volumes of Sysmon and Windows Security log data to create high-fidelity detections within your environment. We will view and mould this data in tabular form and as visualizations, showing how visualizations expose relationships between entities more distinctly and make anomalies and threats easier to see. We will also discuss how to extend this hunt to network and cloud environments. As a final piece of the workshop, participants will try out the skills they have learned by answering questions about the anomalies and threats they find within the dataset. Although this talk is technical, anyone with an interest in learning about threat hunting is welcome to attend.
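To make the "Sigma logic to Python" step concrete, here is an added example that is not part of the workshop material or its organizers' code. It expresses a Sigma-style rule as a plain Python dict mirroring the YAML layout (selection, filter, condition), evaluates the common field modifiers (`contains`, `startswith`, `endswith`, `re`) against Sysmon Event ID 1 process-creation records, and runs the rule over a handful of constructed events. The rule, the ATT&CK tag, the events, the host names and the `mgmt_agent.exe` allow-list entry are all constructed for illustration; a real hunt would load the events from a Sysmon export rather than from an inline list, and the pySigma toolchain would normally generate the matching logic, which this example reimplements by hand for a single rule.

```python
import re
from typing import Any

# Constructed Sigma-style rule as a Python dict (mirrors Sigma's YAML layout).
# Field names follow Sysmon Event ID 1 (process creation) as logged by Sysmon.
RULE: dict[str, Any] = {
    "title": "Encoded PowerShell command line (constructed example rule)",
    "tags": ["attack.execution", "attack.t1059.001"],
    "logsource": {"product": "windows", "service": "sysmon"},
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": "\\powershell.exe",
            # A list of values under one field is an OR in Sigma.
            "CommandLine|contains": ["-enc ", "-encodedcommand"],
        },
        # Constructed allow-list: a hypothetical management agent that
        # legitimately launches encoded PowerShell on these hosts.
        "filter": {"ParentImage|endswith": "\\mgmt_agent.exe"},
        "condition": "selection and not filter",
    },
}


def _value_matches(actual: Any, expected: Any, modifier: str) -> bool:
    """Compare one event value with one rule value under a Sigma modifier.
    String comparisons are case-insensitive, matching Sigma's defaults;
    the 're' modifier stays case-sensitive, as in Sigma."""
    if isinstance(actual, str) and isinstance(expected, str):
        if modifier == "re":
            return re.search(expected, actual) is not None
        a, e = actual.lower(), expected.lower()
        if modifier == "contains":
            return e in a
        if modifier == "startswith":
            return a.startswith(e)
        if modifier == "endswith":
            return a.endswith(e)
        return a == e
    return actual == expected


def field_matches(event: dict[str, Any], key: str, expected: Any) -> bool:
    """Evaluate one 'Field|modifier': value entry; a list of values is an OR."""
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    values = expected if isinstance(expected, list) else [expected]
    return any(_value_matches(event[field], v, modifier) for v in values)


def selection_matches(event: dict[str, Any], selection: dict[str, Any]) -> bool:
    """Every field inside one named selection must match (AND)."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def rule_matches(event: dict[str, Any], rule: dict[str, Any]) -> bool:
    """Evaluate a condition of the form 'a and not b and c ...'.
    Only AND-chains of optionally negated selection names are supported here."""
    detection = rule["detection"]
    for term in detection["condition"].split(" and "):
        negated = term.startswith("not ")
        name = term[4:] if negated else term
        hit = selection_matches(event, detection[name])
        if hit == negated:  # a required selection missed, or a filter fired
            return False
    return True


def hunt(events: list[dict[str, Any]], rule: dict[str, Any]) -> list[dict[str, Any]]:
    """Return the events that the rule flags."""
    return [e for e in events if rule_matches(e, rule)]


# Constructed Sysmon records (trimmed to the fields the rule needs).
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS: list[dict[str, Any]] = [
    {"EventID": 1, "Computer": "WS01", "Image": PS, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -NoP -enc <base64 omitted>"},
    {"EventID": 1, "Computer": "WS02", "Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"EventID": 1, "Computer": "SRV03", "Image": PS, "ParentImage": "C:\\Program Files\\Agent\\mgmt_agent.exe",
     "CommandLine": "powershell.exe -EncodedCommand <base64 omitted>"},
    {"EventID": 3, "Computer": "WS04", "Image": PS, "DestinationPort": 443},
    {"EventID": 1, "Computer": "WS07", "Image": PS, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "PowerShell.EXE -EncodedCommand <base64 omitted>"},
]


def hunt_sample() -> list[str]:
    """Hosts flagged by the constructed rule over the constructed events."""
    return [e["Computer"] for e in hunt(EVENTS, RULE)]


if __name__ == "__main__":
    for event in hunt(EVENTS, RULE):
        print(RULE["title"], "->", event["Computer"], "|", event["CommandLine"])
```

The allow-listed SRV03 event and the network-connection event (Event ID 3) drop out, and the two encoded-command launches on WS01 and WS07 remain; in a notebook the returned list would be the frame you pivot into a table or a parent/child process graph.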
Note: You must have a ticket for BSides Edmonton in order to attend this workshop.
Venue: NAIT Productivity and Innovation Centre, 10210 Princess Elizabeth Avenue Northwest, Edmonton, Canada
Price: CAD 0.00