Finding Evil with Mitre ATT&CK and the Elastic Stack

Presented at BSidesLV 2019, Aug. 7, 2019, 2 p.m. (235 minutes)

Find out how Mitre's ATT&CK can be used as a baseline for threat hunting. Starting with data hygiene and ending with an example hunt, we'll show you how the Elastic Stack can help you find bad actors in a standardized and auditable way. Learn how the Elastic Stack's latest capabilities enable interactive exploration and automated analysis.

Presenters:

  • Kent Brake
    Kent Brake is a Principal Solutions Architect based in Richmond, VA. At Elastic, Kent works with Department of Defense customers as well as commercial partners, with a focus on security analytics. Before joining Elastic, Kent spent 9 years building Cloudmark-based messaging security with customers such as AT&T, Facebook and FireEye.
  • Matteo Rebeschini
    Matteo Rebeschini is a Principal Solutions Architect and Security Specialist at Elastic, where he works with customers on architecting real-time security analytics solutions using the Elastic Stack. Matteo has 18+ years of experience in the cybersecurity industry covering various roles, from software engineering to technical product management and more recently consulting and solutions architecture.