Every organization needs custom alerts to detect the attacks that are specific to its own products and environment. Those alerts are hard to maintain: keeping alert creation consistent across multiple teams and geographic regions, having a clear objective when writing an alert, measuring its historical activity, and settling on a naming convention and a standard are all recurring problems.
In this session, you will learn how the incident response team at Atlassian built a framework for standardizing alerts. We discuss our motives for basing our alert detections on the open source MITRE ATT&CK framework, the naming convention we chose, how we keep all of our alerts in source control, the CI/CD pipeline we built to simulate attack data and run tests against the alerts to verify they are still valid, and how we report on the quality of those alerts.
Come watch an efficient overview of how you can improve your alerting pipeline and see the standardizer in action.

Christian Burrows is a security practitioner from Austin, TX. He has 7+ years of experience in blue team / security incident response for various software companies. Some of his work includes helping to save the internet from really bad 0-days that were successfully used against companies he has worked for, spending entirely too much cumulative time in Splunk, reversing game hacks, and always trying to find bad stuff in prod environments. His speaking style is to not assume too much, to be efficient with time, and not read verbatim off of the presentation.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast