Cybersecurity pros’ time is in high demand, as such the need to automate information gathering and attribution becomes greater every day. One question that confounds many pros is how to get started, what do you need in your stack to help you get the answers you need quickly?
SOAR, Threat Intelligence, a SIEM, EDR/XDR, IDS, etc. With so many tools and so many alerts it can be impossible to react to everything. Join Geoff Roote as he walks through a hands-on demo of TheHive/Cortex to help automate the process of enumeration and hunting at scale to help prioritize those items that should be addressed now and those that can wait.
This session will go from endpoint observable to the internet and back again in a 360-degree investigation which will unearth more nefarious activity within the company borders. The power is in actionable threat intel, and we will show you how.
Objectives:
- Step through the entire triage process, from endpoint observable to intel providers and back again
- Gain an understanding of scaling information gathering to dozens or even hundreds of observables at a time
- Bring insights and lessons learned from the presentation directly within your organization