What a fun day! Thanks to all who attended my session at the Northern Ohio Security Summit, “TRUE CRIME – the first 48 hours in your network”. It was a packed house!
As promised, here are some resources to enable you to LIGHT up your network.
Feel free to hit me up on LinkedIn with any questions.
Link to presentation – TimRoth_ClevelandSecuritySummit10_26
->Interrogating the Network (means to pull data from the network)
Means to enable packet capture – just one example
->Collecting the Artifacts (means to collect the data)
ELK Stack – collection of NetFlow with the ELK Stack + ElastiFlow
Set up ElastiFlow (NetFlow visualization tool for the ELK Stack)
ETA/Joy – encrypted traffic analytics
TALOS BLOG –
https://talosintelligence.com/software (open source projects – Snort, Immunet)