What a fun day! Thanks to all who attended my session, "TRUE CRIME – the first 48 hours in your network", at the Northern Ohio Security Summit. It was a packed house!
As promised, here are some resources to enable you to LIGHT up your network.
Feel free to hit me up on LinkedIn with any questions.
Link to presentation – TimRoth_ClevelandSecuritySummit10_26
-> Interrogating the Network (means to pull data from the network)
Means to enable packet capture – just an example
Packet Capture in Cisco Router and Switches
Application visibility with NetFlow (no Firepower required)
Available IPFIX/NetFlow records
-> Collecting the Artifacts (means to collect the data)
ELK Stack – collection of NetFlow with the ELK Stack + ElastiFlow
Set up ElastiFlow (NetFlow visualisation tool for the ELK Stack)
Run Snort on your Cisco router
An Introduction to Threat Hunting With Zeek (Bro)
ETA/Joy – Encrypted Traffic Analytics
Presentation on Cisco ETA/Project Joy
Slide Deck – Cisco ETA/Project Joy
TALOS BLOG –
https://talosintelligence.com/software (Open Source Projects – Snort, Immunet)