Presentation - Improving Windows Event Log Analysis with Yamato Security Tools presented by SANS Certified Instructor Zachary Mathis
As approximately 75% of desktop computers are using Windows, this is still the main operating system that attackers will target and hence the main OS that incident responders have to respond to and figure out how the computer was compromised, what did the attackers do, what other systems were compromised, etc... Unfortunately, the default log settings are completely inadequate and do not provide enough details for the investigators. Furthermore, even when proper logging is enabled, analysts face various challenges such as Windows logs are mostly noise, logs are separated across hundreds of files, fields are not normalised, messages are often cryptic, etc... making log analysis traditionally a very tedious and unpleasant task. Zach Mathis, the project leader for the Yamato Security tools, will explain about how to properly configure your logs in a practical manner and how to perform easy and scalable analysis with Hayabusa and Takajo, two free open-source tools. Hayabusa is a fast forensics timeline generator and threat hunting tool utilising over 4000+ open-source Sigma detection rules. It is currently the only free and open-source tool that fully supports the Sigma specification letting your analysts detect the most complex attacks with the highest precision and customisation. Takajo will further automate the most common analysis tasks as well as provide a dynamic web report to quickly triage alerts and compromised computers.
Presentation - Top Five Cloud Security Trends and Tips with SANS Professor Frank Kim
Learn about the top five trends that are shaping cloud security adoption: identity, automation, architecture, monitoring, and GenAI. Hear about high profile cloud security breaches and walk away with tips and techniques for responding to these trends including free and open-source tools as well as cloud provider specific services you can use to build your security capabilities.
