Threat Hunting and Incident Handling with OSSEC: September 2021

£1,200.00

OSSEC is sometimes described as a low-cost log management solution, but it has many interesting features that, when combined with external sources of information, can help you hunt for suspicious activity on your servers and endpoints. Its agent-based architecture allows automation of many tasks performed during incident investigations.

This course will run online on the 14th and 15th of September 2021.

Out of stock

SKU: 44CON-S21-TRN-THIH

Live Online Training

Presented By: Xavier Mertens

During this training, you will learn the basics of OSSEC and its components, how to deploy it and how to get results quickly. The second part will focus on deploying specific rules to catch suspicious activity. On the input side, we will see how easy it is to teach OSSEC new log formats to widen the detection scope; on the output side, we will see how to generate alerts by interconnecting OSSEC with other tools such as MISP, TheHive or an ELK Stack / Splunk / … and how to add context with OSINT feeds. Finally, we will use the “Active-Response” feature to deploy useful scripts and improve your response capabilities.
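To make the decoder, rule and Active-Response chain described above concrete, here is an added example configuration written for this page; it is not course material and not code from the OSSEC project. It assumes a default OSSEC server install under /var/ossec, a hypothetical application called "myapp" whose syslog line is constructed here, rule IDs 100100 and 100101 chosen from the range OSSEC reserves for local rules (100000-109999), and the firewall-drop.sh script that ships in active-response/bin. The management address in the white list is a documentation address, not a real host.

```xml
<!-- Constructed sample log line this example is built around (not a real event):
     Sep 14 10:00:01 web01 myapp: login failed for user admin from 203.0.113.7
     OSSEC's syslog pre-decoder extracts program_name="myapp" and leaves
     "login failed for user admin from 203.0.113.7" as the message body. -->

<!-- 1. Teach OSSEC the new log format.
     File: /var/ossec/etc/local_decoder.xml (assumed; loaded automatically on
     OSSEC 2.8+ when present, otherwise add it under <rules> in ossec.conf). -->
<decoder name="myapp">
  <program_name>^myapp</program_name>
</decoder>

<decoder name="myapp-login-failed">
  <parent>myapp</parent>
  <prematch>^login failed for user </prematch>
  <!-- OSSEC regex dialect: \S = non-space, \d = digit, "." matches any char -->
  <regex offset="after_prematch">^(\S+) from (\d+.\d+.\d+.\d+)</regex>
  <!-- capture groups map, in order, onto the decoded fields below -->
  <order>user, srcip</order>
</decoder>

<!-- 2. Rules that use the decoded fields.
     File: /var/ossec/rules/local_rules.xml (included by the stock ossec.conf). -->
<group name="myapp,">
  <!-- Hypothetical IDs in the local-rule range 100000-109999 -->
  <rule id="100100" level="5">
    <decoded_as>myapp</decoded_as>
    <match>login failed</match>
    <description>MyApp: failed login.</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Escalate when the same source IP triggers 100100 six times in 120 s -->
  <rule id="100101" level="10" frequency="6" timeframe="120">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>MyApp: repeated failed logins from one source IP (possible brute force).</description>
    <group>authentication_failures,</group>
  </rule>
</group>

<!-- 3. Active-Response: block the offending IP when 100101 fires.
     File: /var/ossec/etc/ossec.conf (fragment). The <command> block below is
     the stock firewall-drop definition; if your ossec.conf already has it,
     keep only the <active-response> and <white_list> parts. -->
<ossec_config>
  <global>
    <!-- Addresses that must never be blocked, e.g. your jump host (constructed) -->
    <white_list>192.0.2.10</white_list>
  </global>

  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>100101</rules_id>
    <!-- unblock automatically after 10 minutes -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Before restarting, validate the decoder and rules offline by pasting the sample line into /var/ossec/bin/ossec-logtest: the output should show the `myapp` decoder with `user` and `srcip` filled in and rule 100100 matching. Then run `/var/ossec/bin/ossec-control restart`. Keep the `<white_list>` entry in place whenever an Active-Response command blocks by source IP; a noisy or spoofed log source can otherwise lock you out of your own management hosts. A custom response script works the same way as firewall-drop.sh: drop it in /var/ossec/active-response/bin, make it executable, and reference it from a `<command>` block.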

This two-day course will take place online on the 14th and 15th of September 2021.
The price is £1,200 (inc. VAT; £1,000 ex. VAT).

Targeted audience:

  • SOC members
  • Blue teamers
  • System administrators
  • Incident responders

Requirements:

  • No specific hardware required except a browser and an SSH client. All labs will be hosted in the cloud.
  • Knowledge:
    • Basic knowledge of UNIX
    • Basic knowledge of Windows
    • Networking, TCP/IP
    • Common threats & vulnerabilities

About the Trainer

Xavier Mertens is a freelance cyber security consultant based in Belgium. His daily job focuses on protecting his customers' assets by applying “defensive” security (incident handling, forensics, log management, SIEM, security visualisation, OSINT) but also “offensive” security (pentesting). However, his preferred domain is playing on the Blue Team side. Besides his daily job, Xavier is also a SANS Internet Storm Center senior handler (https://isc.sans.edu), a SANS instructor (FOR610) and a co-organizer of the BruCON security conference (https://www.brucon.org). https://blog.rootshell.be, @xme