Taking Event Correlation With You
Offered By: Black Hat via YouTube
Course Description
Overview
Explore event correlation in information security and forensics through this Black Hat conference talk. Delve into the challenges of log analysis, behavior detection, record linkage, and expert systems. Learn about Giles, a compiler that creates event correlation engines, and discover how its output can be used to create SQL databases that function as fully-fledged event correlation engines. Understand the advantages of this approach, including the ability to deploy event correlation engines anywhere a database can be placed and access them using any programming language. Follow along with a live demo and gain insights into the performance benefits and engineering wins of this innovative approach to event correlation.
Syllabus
Introduction
Who am I
What is event correlation
What is Giles
Complex predicates
Holistic engines
Dirt
Giles
Facts
Fields
Facts are data
Restoring state
Example
Engineering wins
Giles guarantee
Live demo
Advantages
Performance
Reedy
Summary
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube