Several commercial and opensource tools enable security data ingestion, however, these tools are typically not simple and easily incur errors through misconfigurations. MITRE ATT&CKTM, Elastic’s Logstash ‘pipeline to pipeline’ and multi-pipeline features provide a lot of value but also need to be used and configured correctly. In this session, we will review:
A day in the life of a Security Analyst
Writing attack behavior security plugins
Integrating MITRE intelligence into a plugin
Other classification techniques
Pipeline to Pipeline and debug tools
Are you new to Elastic SIEM? Join us for a demo and learn how to start investigating threats in your environment.
Joe DiGregorio, Solution Architect, empow
Joe DiGregorio is Solution Architect at empow and a Boston based cybersecurity professional with over 7 years’ experience including in vulnerability management, penetration testing, insider threat detection & mitigation, and consulting. Joe's knowledge and experience comes from years working at industry leaders such as CORE Security and ObserveIT (now a Proofpoint company).