*This event is postponed from February 27. More details on the new date are coming soon.
This code tutorial focuses on introducing reusable and composable threat hunting practice in Kestrel. The one-hour event will include an overview presentation and a walkthrough of basic Kestrel concepts and cyberthreat hunting steps using Jupyter Notebooks. We will explain and execute data retrieval via federated search, connected entity investigation, basic variable transformation, and huntflow construction. Attendees will get access to the same lab we demonstrate, experiment with the demos, solve a quiz at the end of each huntbook, and walk away with a mindset of fast and reusable threat hunting, plus additional materials to explore on their own.
Cyberthreat hunting is the planning and development of threat discovery procedures against new and customized advanced persistent threats (APTs). Threat hunters create customized intrusion detection system (IDS) instances every day with a combination of data source queries, complex data processing, machine learning, threat intelligence enrichment, proprietary detection logic, and more. In traditional cyberthreat hunting, many pieces of a hunt are written against specific data sources and data types, which makes the domain knowledge embedded in them non-reusable: hunters have to express the same knowledge again and again for different hunts. Today it takes on average more than 200 days to discover a data breach in a large organization. Can we make hunting knowledge reusable and accelerate threat discovery with faster creation and composition of new hunts?