Read the Gartner® Competitive Landscape: Network Detection and Response Report
Read the Gartner® Competitive Landscape: Network Detection and Response Report
START HERE
WHY CORELIGHT
SOLUTIONS
CORELIGHT LABS
Close your ransomware case with Open NDR
SERVICES
ALLIANCES
USE CASES
Find hidden attackers with Open NDR
Corelight announces cloud enrichment for AWS, GCP, and Azure
Corelight's partner program
10 Considerations for Implementing an XDR Strategy
October 18, 2021 by Ed Smith
Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for .conf!
Our two on-demand BOTS modules will show you how Corelight data in Splunk can accelerate your processes and help analysts spend more time analyzing and less time fumbling with queries and gluing together data sources. You’ll pivot from Suricata alerts to Zeek® evidence, finding indicators of C2 beaconing, lateral movement, and data exfiltration along the way. Plus, you’ll see how valuable our HTTP, DNS, SSL, and x509 logs (and more) are for common incident response and threat hunting tasks.
We’ve designed the questions in these scenarios to lead you through typical analyst processes, making them interesting to current practitioners, while also approachable to folks who want to break into or advance in the security industry. Hints are available for many of the more challenging questions, but the exercise is designed so that most will be able to complete it within an 90 minutes to three hours. For help getting started, check out the “Intro to Corelight” video in the “Learn” section of the BOTS website.
If you’re ready for the challenge, head over to http://bots.splunk.com, sign in with a (free) Splunk account, and click on the Corelight logo to get started.
Good luck and have fun!
by Ed Smith, Product Marketing Manager, Corelight