SANSFIRE 2019

Washington, DC | Sat, Jun 15 - Sat, Jun 22, 2019

Threat Hunting with OSSEC

  • Xavier Mertens - ISC Handler
  • Wednesday, June 19th, 8:15pm - 9:15pm

OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points. During this presentation, I will demonstrate how to use OSSEC to perform threat hunting. Then I will demonstrate how to deploy specific rules to catch suspicious activities and integrate the alerts with 3rd party tools.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, June 16
Session Speaker Time Type
SANSFIRE 2019 Welcome Reception & Early Check-In Sunday, June 16th, 5:00pm - 7:00pm Special Events
Monday, June 17
Session Speaker Time Type
General Session - Welcome to SANS Dr. Johannes Ullrich Monday, June 17th, 8:00am - 8:30am Special Events
Product Test Drive: IBM - Defeat Cyber Insider Threats with IBM's Threat Management Solutions IBM Technical Experts Monday, June 17th, 6:00pm - 8:00pm Vendor Event
State of the Internet Panel Discussion Dr. Johannes Ullrich, ISC Director, Marcus Sachs, and Internet Storm Center Handlers Monday, June 17th, 7:15pm - 9:15pm Keynote
Tuesday, June 18
Session Speaker Time Type
: Retrospective analysis with threat intelligence and historical log data David Leslie, CyberSecurity Engineer Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
IoT Cybersecurity – Simplified and Unhackable Scott Coleman, Director of Product Management and Marketing Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Advantages of deploying zero trust, mobile-centric security Corey Lund, Senior Solutions Engineer MobileIron Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Threat Hunting - Automating Detection and Responses David Barton, Chief Information Security Officer Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Same Circus, Different Clowns TK Keanini Distinguished Engineer, Advanced Threat Solutions - USA Cisco Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Using Security Orchestration and Automation to Respond to Insider Threats John Avendano, Technical Consultant, IBM Security Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Product Test Drive: Owl Cyber Defense - Meet DiOTa: The Data Diode, Reimagined Tuesday, June 18th, 6:00pm - 8:00pm Vendor Event
Product Test Drive: Cisco Threat Hunting Workshop Cisco Advanced Threat Solutions Team Tuesday, June 18th, 6:00pm - 8:00pm Vendor Event
GIAC Overview Presentation Kim Lucht Tuesday, June 18th, 6:15pm - 7:00pm Special Events
Moving Past Just Googling It: Harvesting and Using OSINT Micah Hoffman Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Modern Information Security: Forget Cyber, It's All About AppSec Adrien de Beaupre Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Cutting the wrong wire: how a clumsy attacker revealed a global cryptojacking campaign Renato Marinho- ISC Handler Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Leveraging the common language - MITRE ATT&CK Erik Van Buggenhout Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Staying Offensive: The Changing Landscape of Offense Tim Medin Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
Pcap or It Didn't Happen: Sanitizing Pcap Files to Share With the Community Brad Duncan- ISC Handler Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
Infrastructure as Code is REAL! Using the Cloud to Provision Infrastructure with Software Shaun McCullough Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
DevSecOps: Key Controls For Modern Security Success Eric Johnson Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
From the Mean Streets to the Information Superhighway John TerBush Tuesday, June 18th, 8:15pm - 9:00pm SANS@Night
Wednesday, June 19
Session Speaker Time Type
Coffee & Donuts with the Graduate Students Wednesday, June 19th, 7:30am - 9:00am Reception
Vendor Solutions Expo Wednesday, June 19th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, June 19th, 5:15pm - 6:15pm Vendor Event
Women's CONNECT Wednesday, June 19th, 6:15pm - 7:15pm Reception
Product Test Drive: Pulse Secure - Network Security Wednesday, June 19th, 6:30pm - 8:30pm Vendor Event
Product Test Drive: Fidelis Cybersecurity - Protecting Cyber Terrain and Defining Your Attack Surface Wednesday, June 19th, 6:30pm - 8:30pm Vendor Event
Let's Go Hunting Bad Guys John Strand Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Oh, you got this? Practical Attacks on Modern Infrastructure Moses Frost Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Securing All the Things - CIS Benchmarks for the Win! Rob Vandenbrink- ISC Handler Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Adventures of the 100Gb Bloodhound Tom Webb- ISC Handler Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
The Data Privacy Imperative Ben Wright Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Come to the Dark Side: Python's Sinister Secrets Mark Baggett Wednesday, June 19th, 8:15pm - 9:15pm SANS@Night
Building and Operating an OT/ICS SOC Robert M. Lee Wednesday, June 19th, 8:15pm - 9:15pm Special Events
Threat Hunting with OSSEC Xavier Mertens- ISC Handler Wednesday, June 19th, 8:15pm - 9:15pm SANS@Night
A BEAST and a POODLE celebrating SWEET32 Bojan Zdrnja- ISC Handler Wednesday, June 19th, 8:15pm - 9:15pm SANS@Night
Thursday, June 20
Session Speaker Time Type
IOC to Domain and DNS Infrastructure Intelligence - Building Supporting Evidence Corin Imai - Senior Security Advisor Thursday, June 20th, 12:30pm - 1:15pm Lunch and Learn
Adversary Tradecraft and The Need for Speed Cristian Rodriguez, Manager, Sales Engineering – Public Sector & Health Care, East Thursday, June 20th, 12:30pm - 1:15pm Lunch and Learn
Machine Learning and Network Security Monitoring: You Can't Have One Without the Other Dr. Scott Miserendino, VP of Research and Development, BluVector, A Comcast Company Thursday, June 20th, 12:30pm - 1:15pm Lunch and Learn
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them Lenny Zeltser Thursday, June 20th, 7:15pm - 8:15pm SANS@Night