Black Hat USA: Threat Hunting Utilizing the ELK Stack
and Machine Learning
The days of using Excel to find malicious activity are over. Breaches are only expanding in size, so incident responders need their own way of growing out of the days of using Excel to hunt through mountains of data.
In these courses offered at Black Hat USA (August 4-5 and 6-7), attendees will learn how to create their own enterprise-wide hunting platform using ELK with data enrichment feeds.
Creating the means of retrieving the data from the various endpoints and data sources will also be introduced and explained throughout the course.
Students will be provided with a virtual machine that has a robust data set from multiple systems that have been infected, as well as some systems that have not.
Students will then enrich the data from both a normalization perspective, as well as using visualizations to assist in finding outliers and anomalies within the data sets.
Students will be introduced to a multitude of machine learning algorithms and concepts that are useful for threat hunting purposes in enterprise data sets.
This course will teach you how to not only set up an ELK server specifically geared to facilitate powerful hunting, but will also show you how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.
Students should expect to conduct 5-6 labs each day. Labs will include functional components of building out the ELK stack and its respective modules as well as highlight how those components can be leveraged to assist you in finding malicious activity in your environment. Utilization of machine learning will also be highlighted in a multitude of labs throughout (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by The Cylance Team. Read the original post at: https://threatvector.cylance.com/en_us/home/black-hat-usa-threat-hunting-utilizing-the-elk-stack-and-machine-learning.html