Do you have the skills needed to defeat cyber attackers? Register now for training in San Francisco.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Windows Defender ATP’s Advanced Hunting: Using Flexible Queries to Hunt Across Your Endpoints

  • Friday, July 27th, 2018 at 1:00 PM EDT (17:00:00 UTC)
  • Matt Bromiley & Jonathan Bar Or
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • Microsoft

You can now attend the webcast using your mobile device!

Overview

Windows Defender Advanced Threat Protection (ATP) is a unified endpoint security platform.

Often times SecOps teams would like to perform proactive hunting or perform a deep-dive on alerts, and with Windows Defender ATP they can leverage raw events in order to perform these tasks efficiently.

This Webcast will share how Windows Defender ATP exposes raw events and more importantly - how to query these events efficiently. Learn how to query terabytes of data in matter of seconds to help analysts determine threats and alerts on your network.

Attendees will learn:

* Efficiently hunting for big data using Kusto Query Language

* Dissect and interpret interesting information from attacks

* Perform a live deep-dive on a file-less malware attack and extract important attribution

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS Certified Digital Forensics and Incident Response instructor, teaching Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508) and Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (FOR572), and a GIAC Advisory Board member. He is also a principal incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.


Jonathan Bar Or

Jonathan Bar Or (“JBO”) is a security researcher in Microsoft, working in the security industry over 10 years.

He has worked mostly on offensive security research on multiple platforms and architectures, and has recently shifted to defensive security research for WDATP.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.