RegEx for Incident Response
Daniel Nutting, Bryan Turner
BSides Tampa 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Abstract: In any cyber security investigation, the bulk of the work involves wading through volumes of logs looking for that needle in the haystack. Whether you use a sophisticated SIEM, scripting, or even Notepad++, these logs can be quickly mined for insight using Perl Compatible Regular Expressions (PCRE). Shucking the typical trope of "minimize false positives," this presentation teaches a methodology for efficiently developing easy-to-understand, good-enough regular expressions that are tailor-written for the investigation and the data set. Worry less, just get the data. RegEx makes it possible to filter your logs with searches like: SQL_Injection=*
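The kind of "good enough" regex the abstract describes, as an added example that is not code from the talk or from the speakers: a deliberately loose SQL-injection indicator pattern run over a handful of constructed web-server access-log lines. It assumes Python's re module is close enough to PCRE for these constructs (it is for the alternation, named groups, \b, \s and verbose mode used here), and it URL-decodes the request path first, because an encoded "%27%20OR%20" would otherwise sail past a pattern written against plain quotes and spaces. The log lines, IPs and paths are all made up for this example.

```python
"""Triage access-log lines for SQL-injection indicators with a loose regex.

Added example in the spirit of the talk: the goal is a pattern an analyst can
read and tune in minutes, not one that never produces a false positive.
"""
import re
import urllib.parse

# Constructed sample access-log lines (Apache common-log style); not real data.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Apr/2019:10:01:02 -0400] "GET /products?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Apr/2019:10:01:05 -0400] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812',
    '10.0.0.9 - - [12/Apr/2019:10:01:07 -0400] "GET /products?id=42%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 133',
    '10.0.0.7 - - [12/Apr/2019:10:02:11 -0400] "POST /login HTTP/1.1" 302 0',
    '10.0.0.3 - - [12/Apr/2019:10:03:00 -0400] "GET /search?q=select+the+best+unions HTTP/1.1" 200 2048',
]

# Pull the request line out of the log line so we only search the URL, not the
# timestamp or user-agent. The path is everything up to the next whitespace.
REQUEST_PATTERN = re.compile(r'"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/[\d.]+"')

# The "good enough" indicator regex. Each alternative is a named group so a hit
# can be labelled with which trick tripped it (the SQL_Injection=<tag> idea).
# Word boundaries keep "unions" or "selection" from matching on their own.
SQLI_PATTERN = re.compile(r"""
    (?P<tautology>'\s*(?:or|and)\s+'?\w+'?\s*=)                  # ' OR '1'='1
  | (?P<union>\bunion\b\s+(?:all\s+)?\bselect\b)                 # UNION SELECT ...
  | (?P<comment>--\s*$|--\s|/\*.*?\*/|;\s*--)                    # comment terminators / stacked query
  | (?P<timing>\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b)  # time-based blind
""", re.IGNORECASE | re.VERBOSE)


def find_sqli(lines):
    """Return (line_number, client_ip, indicator, decoded_path) for every line
    whose URL-decoded request path matches SQLI_PATTERN."""
    hits = []
    for n, line in enumerate(lines, 1):
        req = REQUEST_PATTERN.search(line)
        if not req:
            continue
        # Decode %27 / %20 / '+' first; the regex is written against plain text.
        decoded = urllib.parse.unquote_plus(req.group("path"))
        m = SQLI_PATTERN.search(decoded)
        if m:
            # lastgroup is the name of the alternative that matched.
            hits.append((n, line.split()[0], m.lastgroup, decoded))
    return hits


if __name__ == "__main__":
    for n, ip, indicator, path in find_sqli(SAMPLE_LOGS):
        print(f"line {n} {ip} SQL_Injection={indicator} {path}")
```

On the sample data this flags lines 2 (tautology) and 3 (UNION SELECT) and leaves the benign "select the best unions" search alone only because of the \b anchors; drop them and it becomes a false positive. Whether that trade is worth making is exactly the per-investigation call the talk is about: if the data set is one application's logs for one afternoon, a noisier pattern that you can eyeball in seconds often beats a precise one you spent an hour on.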

Bio: Bryan and Dan work in the Publix Super Markets Security Operations Center. In the past several years, they have developed a rhythm for conducting investigations efficiently. Dan has several SANS certifications, including GCIH, GCFE, GCFA, as well as other industry certifications. He was previously an Information Systems Security Officer for the US Coast Guard. Currently, Dan also teaches as an adjunct for Cyber Security at Florida Southern College.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast