SANSFIRE 2020 - Live Online

Virtual, US Eastern | Sat, Jun 13 - Sat, Jun 20, 2020

ISC Handler Series: SANS@MIC - A walk through logs hell

  • Xavier Mertens
  • Monday, June 15th, 8:30pm - 9:30pm

Time Zone: US - Eastern

Once upon a time, an ogre called "SIEM" was invented!

Today, if your organization does not have a SIEM, you look like "Little Tom Thumb" among your peers. During infosec meetups, many people like to brag about the power of the monster they deployed: "We can ingest 5K events per second!" or "We index 3TB a day!" That indeed looks nice, but it does not impress me so much. Are you sure that you can still find the needle in the haystack?

Having been involved with such technologies and environments for a while, I had the opportunity to face many situations where the ogre SIEM was not able to return interesting data due to misconfigurations, topology changes, lack (or absence) of logs, wrong normalization and many more... Managing logs and events is not an easy job. This presentation will tell you some nightmare stories that you could also face in your organization and, of course, some ideas to prevent them.

This talk is being delivered via Live Online: SANS@Mic webcast. Register here!

All talks are archived once delivered and accessed here: https://www.sans.org/webcasts/archive/2020


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Lunch & Learn: Short presentations given during the lunch break.
Monday, June 15

Session | Speaker | Time | Type
Cybersecurity: Why Asset Management Matters | Andrew Senko | Monday, June 15th, 12:30pm - 1:15pm | Lunch and Learn
Leverage DNS OSINT at Scale | Taylor Wilkes-Pierce | Monday, June 15th, 12:30pm - 1:15pm | Lunch and Learn
ISC Handler Series: SANS@MIC - Arcane web and mobile application vulnerabilities | Bojan Zdrnja | Monday, June 15th, 3:30pm - 4:30pm | SANS@Night
ISC Handler Series: SANS@MIC - A walk through logs hell | Xavier Mertens | Monday, June 15th, 8:30pm - 9:30pm | SANS@Night

Tuesday, June 16

Session | Speaker | Time | Type
Does Your Web Browser Need a Stunt Double? | Rajiv Raghunarayan | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn

Wednesday, June 17

Session | Speaker | Time | Type
How Implementing SOAR Improves Efficiency In Your Organization | Jay Spann | Wednesday, June 17th, 12:30pm - 1:15pm | Lunch and Learn
Proactive Threat Hunting with SOAR | Alex Valdivia | Wednesday, June 17th, 12:30pm - 1:15pm | Lunch and Learn
ISC Handler Series: SANS@MIC - Catch and release: phishing techniques for the good guys | Jan Kopriva | Wednesday, June 17th, 3:30pm - 4:30pm | SANS@Night
ISC Handler Series: SANS@MIC - Maldocs: a bit of blue, a bit of red | Didier Stevens | Wednesday, June 17th, 8:30pm - 9:30pm | SANS@Night

Thursday, June 18

Session | Speaker | Time | Type
Effortlessly Immunize Software - Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities | Doug Britton | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn
Expert Playbooks for Non-Expert Use | Alex Kirk | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn
Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella | Chris Bilodeau | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn