Unconventional Logging and Detection - SANS Tactical Detection Summit 2018
Автор: SANS Institute
Загружено: 2019-02-11
Просмотров: 3855
SIEM Summit 2019 Agenda: http://www.sans.org/u/UIC
Presenter:
Justin Henderson, SANS Institute
Log collection and detection go hand in hand, yet both are difficult. Are you allowed to deploy a log agent or not? Can you change system settings to generate the logs you need? The problem is the answer may be no to both questions. Even if the answer is yes, some detection capabilities cannot be done with standard logging and collection.
All is not lost. Windows, Linux, Unix, and Mac systems all have unconventional methods of log collection and detection that augment standard processes. This talk focuses on using alternative methods such as PowerShell, Python, or built-in binaries to generate custom logs and covers multiple use cases on what detection techniques those logs provide. Example: ARP cache poisoned? How about a detection technique that produces zero logs until it happens and then generates and ships off the record directly to your platform of choice.
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
