Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017

  • Published on 10 Feb 2025

Comments • 13

  • @lancemarchetti8673 2 years ago

    Thanks Chris, this was a great SOC delivery 👍🏽

  • @CReesman 7 years ago +2

    Very informative video. My biggest takeaway was to take 1 hour a week to work on threat hunting at some level. Thanks!

  • @barryabrams6071 5 days ago

    How does an analyst perform threat hunting and detect attacks on edge devices such as routers, firewalls, F5, switches, etc.? How to detect adversaries "Living Off The Land" and taking advantage of edge devices? Is the approach to detecting attacks on edge devices specific to the SIEM (Ex: QRadar) and how to query the logs? If so, how do I find keywords to search, strings to search, Event IDs, etc.? Are the keywords, strings, and event IDs vendor specific to search and detect malicious behavior? So far, the only solutions I have found to detect attacks on edge devices are CVEs and Nessus Plugins. Any assistance would be much appreciated.

  • @RafaelOliveira-vg8gq 5 years ago +1

    Another amazing video, it helps a lot.
    Thank you guys

  • @MrKensh 7 years ago

    I really enjoyed this video... thank you!

  • @jonathanmoore6446 5 years ago

    Thank you for this video. I plan on sharing with my team.

    • @darnellmac9981 5 years ago

      Just looking to help companies save money. Another see something say something program. Is he suggesting to pay employees extra for scripts when they are not scripting but help desk?

  • @mploi9759 4 years ago

    But he doesn't explain why the Easter bunny lays eggs @eastertime?

  • @moretwocome21 6 years ago

    The audio is extremely bad!!!

    • @MoSec9 6 years ago +6

      Mor2come21 You must have watched another video. Otherwise, check your equipment. The audio is actually “extremely” good.

    • @CCrowMontance 5 years ago

      Sorry. I didn't think the audio was so bad. Are there parts that you didn't understand that I can elaborate on?

    • @ejoviag6561 5 years ago

      Chris Crowley hi Chris, please could you share the link to the resource mentioned in the video. Will be great to go through it.
      Thanks

    • @CCrowMontance 5 years ago +3

      @ejoviag6561 - All my resources that are publicly available are here: www.mgt517.com/soc . Lots of slide decks and files to download!