My Cyber Sense Is Tingling! Detection Engineering With Free Tools

OVERVIEW

Every threat hunt, every incident response, and every bulletin from your ISAC comes with a wealth of intelligence and indicators that you can leverage to spot suspicious or malicious activity in the future. The process of taking that information and turning it into reliable, repeatable alerting is known as Detection Engineering.

In this presentation I will introduce the free and open Security Onion enterprise monitoring platform, the methods by which it can generate or ingest logs about what’s happening in your environment, and how we can use that log data to trigger alerts for potential incidents. Whether you’re looking for artifacts in network traffic, file structures, or endpoint logs, it’s easy to create new detection rules so your analysts are aware when something suspicious rears its head.

Presented By

MATTHEW GRACIE

Senior Engineer, Security Onion Solutions