YoVDO

Full Circle Detection - From Hunting to Actionable Detection

Offered By: NorthSec via YouTube

Tags

NorthSec Courses Cybersecurity Courses Incident Response Courses Community Collaboration Courses Threat Detection Courses Security Operations Courses

Course Description

Overview

Explore a comprehensive approach to creating efficient, accurate, and resilient detection rules in this 23-minute conference talk from NorthSec. Follow a step-by-step guide through the "Full Circle Detection" process, from generating hunting ideas to developing actionable alerts for security analysts. Learn how to transform a simple blog article about an Outlook persistence technique into a complete security team workflow. Discover techniques for converting hunt queries into SIEM detections, validating rules with Atomic Red Team tests, sharing detections through Sigma rules, maintaining detection pipelines, creating incident response playbooks, and developing effective training materials. Gain insights from Mathieu Saulnier, a Core Mentor for Defcon's Blue Team Village and experienced security professional, as he demonstrates how to implement a holistic approach to threat detection and response.

Syllabus

Intro
Idea
Example
Atomic Red Team
Convert Hunting to Detection
Sharing your Detection
Running your Pipeline
Incident Response Playbook
Training
Automating
Conclusion


Taught by

NorthSec

Related Courses

Palo Alto Networks Cybersecurity
Palo Alto Networks via Coursera
(ISC)² Systems Security Certified Practitioner (SSCP)
(ISC)² via Coursera
CompTIA Security+ (SY0-701) Complete Course & Exam
Udemy
SSCP®: Monitoring and Analysis & Risk, Response, and Recovery (2012 Objectives)
Pluralsight
SSCP®: Security Operations and Administration
Pluralsight