ISC Handler Series: SANS@MIC - A walk through logs hell
- Xavier Mertens
- Monday, June 15th, 8:30pm - 9:30pm
Time Zone: US - Eastern
Once upon a time, an ogre called "SIEM" was invented!
Today, if your organization does not have a SIEM, you look like the "Little Tom Thumb" among your peers. During infosec meetups, many people like to brag about the power of the monster they deployed: "We can ingest 5K events per second!" or "We index 3TB a day!" That indeed looks nice but does not impress me so much. Are you sure that you can still find the needle in the haystack?
Having been involved with such technologies and environments for a while, I had the opportunity to face many situations where the ogre SIEM was not able to return interesting data due to misconfigurations, topology changes, lack (or absence) of logs, wrong normalization and many more... Managing logs and events is not an easy job. This presentation will tell you some nightmare stories that you could also face in your organization. And, of course, some ideas to prevent them.
This talk is being delivered via Live Online: SANS@Mic webcast.
All talks are archived once delivered and accessed here: https://www.sans.org/webcasts/archive/2020
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Lunch & Learn: Short presentations given during the lunch break.
Monday, June 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| Cybersecurity: Why Asset Management Matters | Andrew Senko | Monday, June 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Leverage DNS OSINT at Scale | Taylor Wilkes-Pierce | Monday, June 15th, 12:30pm - 1:15pm | Lunch and Learn |
| ISC Handler Series: SANS@MIC - Arcane web and mobile application vulnerabilities | Bojan Zdrnja | Monday, June 15th, 3:30pm - 4:30pm | SANS@Night |
| ISC Handler Series: SANS@MIC - A walk through logs hell | Xavier Mertens | Monday, June 15th, 8:30pm - 9:30pm | SANS@Night |
Tuesday, June 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Does Your Web Browser Need a Stunt Double? | Rajiv Raghunarayan | Tuesday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
Wednesday, June 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| How Implementing SOAR Improves Efficiency In Your Organization | Jay Spann | Wednesday, June 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Proactive Threat Hunting with SOAR | Alex Valdivia | Wednesday, June 17th, 12:30pm - 1:15pm | Lunch and Learn |
| ISC Handler Series: SANS@MIC - Catch and release: phishing techniques for the good guys | Jan Kopriva | Wednesday, June 17th, 3:30pm - 4:30pm | SANS@Night |
| ISC Handler Series: SANS@MIC - Maldocs: a bit of blue, a bit of red | Didier Stevens | Wednesday, June 17th, 8:30pm - 9:30pm | SANS@Night |
Thursday, June 18
| Session | Speaker | Time | Type |
|---|---|---|---|
| Effortlessly Immunize Software - Rapidly Inoculate Compiled Code Against Software Memory Vulnerabilities | Doug Britton | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Expert Playbooks for Non-Expert Use | Alex Kirk | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |
| Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella | Chris Bilodeau | Thursday, June 18th, 12:30pm - 1:15pm | Lunch and Learn |