Everything Everywhere All at Once - A Practical Guide to Alert Triage and Analysis.

Presented at Kernelcon 2023, April 15, 2023, 11:30 a.m. (60 minutes)

If you’ve done any sort of work in incident response, you know that assessing alerts and deciding where to start collecting information can be overwhelming, even in the best of times. It’s easy to overlook something important, or to blow something unimportant out of proportion. I’m going to cover some basic triage methodology, and then we’re going to walk through a full threat handling checklist that you can use in your day-to-day alert analysis to perform information collection, so you know you have the right data to make the right decisions - is this an emergency, or am I dealing with my hypochondriac AV again?


Presenters:

  • Megan Benoit - NFM
    Megan Benoit has spent most of the last 20+ years building vulnerability management and incident response programs, architecting and deploying security solutions, and telling management she’s a security engineer, not a miracle worker. Megan currently works as a Senior Network Security Engineer for NFM and has worked for the DoD, as well as the healthcare and retail industries. In her spare time she teaches group exercise classes because when she tells people what to do, they don’t argue back.
