SANS Live Training is Available In-Person OR Live Online! Explore Upcoming Events.

DFIR Summit & Training 2020 - Live Online

Virtual, US Eastern | Thu, Jul 16 - Sat, Jul 25, 2020

In response to the escalation of the COVID-19 pandemic, we've made the decision to convert this training event into a Live Online event.

The courses below will take place online, using virtual software to stream live instructors to all registered students during the scheduled classroom hours. (Eastern Time) This alternate training format will allow us to deliver the cybersecurity training you expect while keeping you, our staff, and our instructors as safe as possible.

Your registration for a Live Online course includes electronically delivered courseware, live streaming instruction by a SANS instructor, course labs, and four months of online access to course recordings.

Chopping Down a Dense forest of Teleme-Trees: Making Telemetry Work for You

  • Justin Ibarra, Security Researcher
  • Thursday, July 25th, 12:00pm - 1:20pm

Security operations teams are increasingly becoming more effective as tools continue to evolve and telemetry increases. Timely interpretation of the data to make actionable decisions is paramount to maximizing successful response and remediation.

However, as telemetry increases, analysts can be overwhelmed and may struggle to interpret signals in the noise. Tuning detections to specific environments reduces problems such as false positives and allows more time to be spent on high-confidence information. Organizations that can effectively baseline their environment, pivot through the relevant telemetry, and incorporate automated workflows, will be more successful at monitoring and defending their environment and assets.

In this lunch and learn, we'll show how to take advantage of Endgame's recently releasedâ¯Reflex â¢â¯technology, along with the publicly released Event Query Language (EQL) to alert, hunt, and even respond to activity within your environment.

Endgame

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Wednesday, July 22
Session Speaker Time Type
SANS@MIC -Get Involved! Use Your OSINT Powers for Good! Jeff Lomas Wednesday, July 22nd, 8:30pm - 9:30pm SANS@Night