"Hunting PCAP Data with Splunk"

Nov 2, 2017 · McLean, United States of America

"Hunting PCAP Data with Splunk"

Abstract: Splunk can be a very powerful tool to hunt on networks. In this presentation we'll take some data PCAP in a Splunk VM, process it down using Bro, and run a few hunting exercises to find the evil packets after they've been boiled down to text. We'll talk through the process and some tips and tricks with Bro data and how to use the Bro TA in Splunk.

Bio: Matt Ahrens is a widely recognized expert at investigating data breaches, Matt has more than 15 years' experience leading investigations of breaches involving distributed denial-of-service (DDoS) attacks, ransomware, and targeted threat actors. Earlier in his career, Matt led incident responses, managed security operations, and developed security products for companies including LivingSocial and Neustar. Formerly certified as a Qualified Incident Response Assessor (QIRA) and a Qualified Security Assessor (QSA), Matt is a frequent speaker on cyber security topics, including threat intelligence, risk management, and the Internet of Things.

Event organizers
  • Splunk > WashDC User Group

    This is an interactive meetup for Washington D.C., Northern Virginia, and Maryland users, enthusiasts and explorers of Splunk. Splunk is used for application management, security and compliance, as well as business and web analytics. Members will be able to network with peers, learn best practices and better understand how Splunk solves real world data intelligence problems across the enterprise. We'll aim to regularly share use cases that showcase how machine data can be used to drive business decision ma

    Recent Events
    More

Are you organizing "Hunting PCAP Data with Splunk"?

Claim the event and start manage its content.

I am the organizer
Social
Rating

based on 0 reviews