To Catch a Penetration Tester: Top SIEM Use Cases

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 3 p.m. (50 minutes).

Every blue team should have a Chris Hansen for catching penetration testers! We surveyed multiple penetration testers and security professionals to collect the best and most useful SIEM detection use cases. The goal of the use cases is to detect a penetration tester/external attacker in a typical enterprise environment. The top use cases will be reviewed. This talk is designed to help blue teams mature their detection and SIEM programs.

Presenters:
