Staying on top of the latest adversarial methodologies means adjusting quickly to new TTPs, and that requires a thorough, continuously refreshed understanding of your own detection capabilities. In a rapidly changing, dynamic environment this level of attention can't be a manual process; it requires the magic of automation.
If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)
I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup.
Part of our job at Recon is fine-tuning the threat signatures that make up the bulk of the pipeline rules in our Graylog environment.
The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.
We're very excited to announce that we'll be bringing our NDR training to Black Hat this year! Come join us for the Network Defense Range Crucible - Live Adversary Detection and Incident Response during Black Hat 2019 Trainings!