TALK TO AN EXPERT
ad-images-nav_0001_SANs thumb

SANS Protects: The Network

DOWNLOAD WHITE PAPER

ad-images-nav_0009_Threat-hunting-guide

Threat hunting guide

GET THE GUIDE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

ad-images-nav_0000_Thinking-like-a-threat-actor

Thinking like a Threat Actor: Hunting the Ghost in the Machine

WATCH THE WEBCAST

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

ad-nav-video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

Take the Corelight challenge: Splunk’s Boss of the SOC

Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for .conf!

Our two on-demand BOTS modules will show you how Corelight data in Splunk can accelerate your processes and help analysts spend more time analyzing and less time fumbling with queries and gluing together data sources. You’ll pivot from Suricata alerts to Zeek® evidence, finding indicators of C2 beaconing, lateral movement, and data exfiltration along the way. Plus, you’ll see how valuable our HTTP, DNS, SSL, and x509 logs (and more) are for common incident response and threat hunting tasks.

We’ve designed the questions in these scenarios to lead you through typical analyst processes, making them interesting to current practitioners, while also approachable to folks who want to break into or advance in the security industry. Hints are available for many of the more challenging questions, but the exercise is designed so that most will be able to complete it within an 90 minutes to three hours. For help getting started, check out the “Intro to Corelight” video in the “Learn” section of the BOTS website.

If you’re ready for the challenge, head over to http://bots.splunk.com, sign in with a (free) Splunk account, and click on the Corelight logo to get started. 

Good luck and have fun!

by Ed Smith, Product Marketing Manager, Corelight

 

Search

    Recent Posts