The Scientific Method to Picking Apart a Detection

Logo
Presented by

Raja Jasper, SOC Manager at a financial institution and Saurabh Wadhwa, a Senior Solutions Engineer at Uptycs

About this talk

In this session Raja Jasper, SOC Manager at a financial institution and Saurabh Wadhwa, a Senior Solutions Engineer at Uptycs, discuss how to use osquery and MITRE ATT&CK to build sophisticated detections based on behavior, rather than IOCs. Detections based on behaviors tell a story and provide analysts a lot more context, plus they are more troublesome for attackers to avoid. Osquery gathers the endpoint telemetry needed to build these types of detections. Raja and Saurabh demonstrate how to use osquery to build a behavior-based detection using Emotet malware as an example. Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (37)
Subscribers (897)
Secure cloud, containers, and endpoints with one unified solution. Find and remove critical risks in your modern attack surface—from laptops to containers—all from a single UI and data model.