BlackHat 2017: A Guide to Threat Hunting Utilizing the ELK Stack and PowerShell

While it may seem a bit early to start planning your annual pilgrimage to Vegas for BlackHat 2017, now’s a good time to start talking to your team or your boss about signing on for additional technical trainings during the conference.

Ongoing trainings keep incident responders and researchers learning about new ways to defend against attackers, who continue to hone their skills on a daily basis.

On July 22-23 and July 24-25, 2017, Cylance will show you how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. In addition, you’ll learn how to retrieve data from various endpoints and data sources. You’ll deploy PowerShell scripts across a customized network environment to gather the critical data necessary to respond to an incident.

This course will teach you not only how to set up an ELK server geared specifically toward powerful threat hunting, but also how to collect data efficiently from every single endpoint on your network in a very short span of time, so that you can hunt proactively on a regular basis.

Being proactive in security means everything – it helps you prevent attacks before they happen, rather than responding to breaches after the fact.

In this course, you’ll be conducting 3-4 labs each day. Labs will include functional components of building out the ELK stack and its respective modules as well as highlighting how those components can be leveraged to assist you in rooting out malicious activity in your environment.

The days of using Excel logs to find malicious activity are over. Breaches keep growing in size and complexity, so incident responders need to move beyond spreadsheets when hunting through mountains of data.


*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by The Cylance Team. Read the original post at: