YoVDO

Grapl - A Graph Platform for Detection and Response

Offered By: BSidesLV via YouTube

Tags

Security BSides Courses Cybersecurity Courses Graph Theory Courses Incident Response Courses Threat Detection Courses

Course Description

Overview

Explore a comprehensive conference talk on Grapl, a graph platform designed for detection and response in cybersecurity. Delve into the power of graph-based approaches, understanding nodes, edges, and their applications in security contexts. Learn about Grapl's functionalities, including master graph creation, identification techniques, and various detection methods. Discover how to leverage asset lenses, best practices, and investigation tools like Jupiter notebooks. Gain insights into engagement and process graphs, platform setup, and participate in a Q&A session to deepen your understanding of this innovative security solution.

Syllabus

Introduction
Nodes and edges
Graphs are powerful
Graphs and security
Bloodhound
Logs
What Grapl does
Master Graph
Identification
Session Based Identification
Log Based Detection
Relationship Based Detection
Asset Lens
parentchild counter
binary signature
best practices
investigations
parentpit
switch tabs
Jupiter notebook
Engagement graph
Process graph
Platform
Setup
Questions


Taught by

BSidesLV

Related Courses

Early Detection through Deception
YouTube Hack for Show, Report for Dough - Brian King
YouTube Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube Windows Event Logs - Zero to Hero
YouTube Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube