Standardizer: a standardization framework for your security alerts - Christian Burrows (Circle City Con 2019 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Standardizer: a standardization framework for your security alerts
Christian Burrows

@WalterKronkite
Circle City Con 2019

Organizations need to write custom alerts to detect the attacks that are specific to their own environment and products. Those alerts are hard to maintain: keeping alert creation consistent across multiple teams and geographic regions, defining an objective for each alert, measuring its historical activity, and settling on a naming convention and standard are all open problems. In this session you will learn how the incident response team at Atlassian built a framework for standardizing its alerts. We discuss why we chose the open MITRE ATT&CK framework as the basis for our detections, the naming convention we adopted, how we keep every alert in source control, the CI/CD pipeline we built to simulate attack data and run tests that verify each alert still fires, and how we report on alert quality. Come watch an efficient overview of how you can improve your alerting pipeline and see the Standardizer in action.
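The abstract describes four pieces working together: alerts tagged with an ATT&CK technique, a fixed naming convention, the alert definitions kept in source control next to simulated attack events, and a CI step that replays those events and reports on quality. The harness below is an added illustration of that workflow written for this page; it is not Atlassian's Standardizer and makes no claim about how that tool is built. The naming convention (`<technique id> - <tactic> - <description>`), the event schema (`host`, `process`, `cmdline`), and all sample events are constructed for the example.

```python
"""Alerts-as-code harness: ATT&CK-tagged alerts, a naming check, simulated events, a CI test run.
Illustrative example for this page; not the Standardizer described in the talk."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Assumed naming convention for this example: "<ATT&CK technique id> - <tactic> - <description>"
NAME_RE = re.compile(r"^(T\d{4}(?:\.\d{3})?) - ([A-Za-z ]+) - (.+)$")


@dataclass
class Alert:
    """One detection, stored in source control together with its test events."""
    name: str
    technique: str                                      # ATT&CK technique id, e.g. "T1059.001"
    match: Callable[[dict], bool]                       # detection logic over one normalised event
    positive: List[dict] = field(default_factory=list)  # simulated attack events: alert must fire
    negative: List[dict] = field(default_factory=list)  # benign events: alert must stay quiet


def validate_name(alert: Alert) -> List[str]:
    """Enforce the naming convention and keep the name consistent with the technique field."""
    problems = []
    m = NAME_RE.match(alert.name)
    if not m:
        problems.append(f"{alert.name!r}: does not match '<Txxxx> - <tactic> - <description>'")
    elif m.group(1) != alert.technique:
        problems.append(f"{alert.name!r}: name says {m.group(1)}, technique field says {alert.technique}")
    return problems


def run_tests(alerts: List[Alert]) -> Dict[str, List[str]]:
    """CI step: replay each alert's simulated events through its logic; return failures per alert."""
    report: Dict[str, List[str]] = {}
    for a in alerts:
        failures = validate_name(a)
        if not a.positive or not a.negative:
            failures.append("missing positive or negative test events")
        for ev in a.positive:
            if not a.match(ev):
                failures.append(f"did not fire on simulated attack event {ev}")
        for ev in a.negative:
            if a.match(ev):
                failures.append(f"fired on benign event {ev}")
        report[a.name] = failures
    return report


def coverage_by_tactic(alerts: List[Alert]) -> Dict[str, int]:
    """Quality metric: alerts per tactic, read from the standardised name."""
    counts: Dict[str, int] = {}
    for a in alerts:
        m = NAME_RE.match(a.name)
        if m:
            counts[m.group(2)] = counts.get(m.group(2), 0) + 1
    return counts


# --- detection logic (both are well-known, documented ATT&CK behaviours) -----------------
def encoded_powershell(ev: dict) -> bool:
    """T1059.001: powershell.exe launched with an encoded command."""
    cmd = ev.get("cmdline", "").lower()
    is_ps = ev.get("process", "").lower().endswith("powershell.exe")
    return is_ps and (" -enc " in f" {cmd} " or "-encodedcommand" in cmd)


def lsass_minidump_comsvcs(ev: dict) -> bool:
    """T1003.001: rundll32 calling comsvcs.dll MiniDump to dump LSASS memory."""
    cmd = ev.get("cmdline", "").lower()
    is_rundll = ev.get("process", "").lower().endswith("rundll32.exe")
    return is_rundll and "comsvcs.dll" in cmd and "minidump" in cmd


# --- alert definitions with constructed test events -----------------------------------------
ALERTS = [
    Alert(
        name="T1059.001 - Execution - Encoded PowerShell command line",
        technique="T1059.001",
        match=encoded_powershell,
        positive=[{"host": "ws01", "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                   "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"}],
        negative=[{"host": "ws01", "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                   "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"}],
    ),
    Alert(
        name="T1003.001 - Credential Access - LSASS minidump via comsvcs.dll",
        technique="T1003.001",
        match=lsass_minidump_comsvcs,
        positive=[{"host": "srv02", "process": "C:\\Windows\\System32\\rundll32.exe",
                   "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 624 C:\\temp\\l.dmp full"}],
        negative=[{"host": "srv02", "process": "C:\\Windows\\System32\\rundll32.exe",
                   "cmdline": "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"}],
    ),
]

# A deliberately non-conforming definition (bad name, no test events) so the harness has something to reject.
BAD_ALERT = Alert(name="suspicious powershell", technique="T1059.001", match=encoded_powershell)


if __name__ == "__main__":
    for name, fails in run_tests(ALERTS + [BAD_ALERT]).items():
        print("PASS" if not fails else "FAIL", name, *fails, sep="\n  ")
    print(coverage_by_tactic(ALERTS))
```

The point of keeping positive and negative events beside each alert is that a rule which stops matching (a logging schema change, a field renamed by the SIEM) fails in CI rather than silently going quiet in production, and a rule that starts matching benign activity fails the same way.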

Christian Burrows is a security practitioner from Austin, TX. He has 7+ years of experience in blue team / security incident response for various software companies. Some of his work includes helping to save the internet from really bad 0-days that were successfully used against companies he has worked for, spending entirely too much cumulative time in Splunk, reversing game hacks, and always trying to find bad stuff in prod environments. His speaking style is to not assume too much, to be efficient with time, and not to read verbatim off of the presentation.

Copyright 2019, IronGeek
Louisville / Kentuckiana Information Security Enthusiast