After the 2018 DeepSec edition in November and the BruCON Spring Training in April, I’m happy to come back on the DeepSec 2019 schedule!
OSSEC is sometimes described as a low-cost log management solution but it has many interesting features which, when combined with external sources of information, may help in hunting for suspicious activity occurring on your servers and end-points. During this training, you will learn the basic of OSSEC and its components, how to deploy it and quickly get results. Then we will learn how to deploy specific rules to catch suspicious activities. From an input point of view, we will see how easy it is to learn new log formats to increase the detection scope and, from an output point of view, how we can generate alerts by interconnecting OSSEC with other tools like MISP, TheHive or an ELK Stack / Splunk /etc…
A quick overview of the training content:
- Day 1
- Hunting & OSINT
- OSSEC 101
- Decoder & Rules
- Fine-tuning alerts
- Enrichment
- Hunting with OSSEC
- Day 2
- Hunting on Windows
- Active-Response
- Logging & Vizualization • Extra examples
The content has been improved since the previous editions. The targeted audience is Blue team members, CSIRTs and all people interested in defensive security. The DeepSec schedule is already online and the registration page is here. Please spread the word!