IBM Security Cloud Pak for Security

TechXchange Conference 2023 - Lab & Talk On Threat hunting using Kestrel.

By Sulakshan Vajipayajula posted Thu August 03, 2023 01:41 PM

I am excited to present a talk and a hands-on lab on Kestrel threat hunting at the TechXchange '23 Conference at the MGM in Las Vegas. Kestrel accelerates cyber threat hunting by providing a layer of abstraction for building reusable, composable, and shareable "hunt-flows". The talk and the lab session are for all cybersecurity analysts who want to understand and streamline threat hunting.

The talk with my co-speaker Leila Rashidi includes a quick how-to in Kestrel and showcases our joint research with the University of New Brunswick, Canada. We will talk about a semi-supervised anomaly-detection approach that detects malicious authentication requests made during lateral movement, applying advanced methods such as graph learning. We will share the research, introduce two AI-based analytic models for detecting lateral movement, and demonstrate how we bring these ML model analytics into Kestrel threat hunting.

Code: 1876
Title: AI assisted lateral movement detection using Kestrel
Session Type: Academic/Research Session
Topic: Security

The instructor-led hands-on lab session will teach simple threat hunting using federated searches, with a focus on identity-threat hunting built on top of Kestrel. The lab will include live hunts in Jupyter Notebooks and a demo by the instructor on QRadar Suite.

Code: 5308
Title: Performing Your Threat Hunting with Kestrel
Session Type: Hands-on Lab
Topic: Threat Management
Lab Instructor(s): Sulakshan Vajipayajula

What you will learn:

  1. Experience threat hunting using federated searches across connected data sources with Kestrel and STIX-shifter.
  2. Accelerate cyber threat hunting and learn how to build reusable, composable, and shareable huntbooks.
  3. Learn how to bring ML models into threat hunting use cases.
  4. Learn how machine learning is used in lateral movement detection.

#TechXchangePresenter
#TechXchangeSession