Please understand any automated system could be fooled; let me explain.
So you build an algorithm that, when certain logs are generated, blocks those connections or IPs (bad example).
So what's happening behind the scenes? Maybe calls are being made at the kernel level; what if you exploited some of those calls?
We all know about Log4j, and it's used in many security tools.
So what's the idea? Build a system, but have manual intervention every now and then.
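The point above, that a log-driven auto-blocker can be steered by the very input it reacts to, is easy to show in a few lines. The following is an added illustration, not code from the talk or from the commenter: a toy blocker that extracts "the offending IP" from text log lines with a loose pattern, next to a hardened variant that parses the whole anchored record (so the trailing, server-written source field wins over anything a client placed in the username), never auto-blocks an allowlisted address, and hands such cases to a human review queue. The log format, the addresses and the allowlist are all constructed for the example.

```python
"""Added example: an unattended log-driven IP blocker versus a hardened one
with a human-review queue.  Log format and addresses are constructed."""
import re
from collections import Counter

THRESHOLD = 3                      # failures from one source before acting
ALLOWLIST = {"198.51.100.5"}       # e.g. the admin jump host (constructed)

# Constructed lines in a hypothetical "auth failed for user=<name> from <ip>"
# format.  In the last three lines the client chose a username that imitates
# the log format; the real source address is the final field.
LOGS = [
    "auth failed for user=alice from 203.0.113.7",
    "auth failed for user=alice from 203.0.113.7",
    "auth failed for user=alice from 203.0.113.7",
    "auth failed for user=admin from 198.51.100.5",
    "auth failed for user=admin from 198.51.100.5",
    "auth failed for user=admin from 198.51.100.5",
    "auth failed for user=x from 198.51.100.5 from 203.0.113.9",
    "auth failed for user=x from 198.51.100.5 from 203.0.113.9",
    "auth failed for user=x from 198.51.100.5 from 203.0.113.9",
]

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Loose: grabs the first thing that looks like "from <ip>", wherever it is.
NAIVE_RE = re.compile(r"from " + IPV4)
# Strict: the whole record must match; the greedy user group swallows any
# "from <ip>" text inside the username, so the anchored last field is the source.
STRICT_RE = re.compile(r"^auth failed for user=(.*) from " + IPV4 + r"$")


def naive_blocklist(lines):
    """Fully automated: block whatever address first follows 'from'."""
    hits = Counter()
    for line in lines:
        m = NAIVE_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return {ip for ip, n in hits.items() if n >= THRESHOLD}


def hardened_decisions(lines):
    """Parse the full record, skip the allowlist, and separate what the
    system may do alone from what a person has to look at."""
    hits = Counter()
    unparsed = []
    for line in lines:
        m = STRICT_RE.match(line)
        if not m:
            unparsed.append(line)      # malformed lines are themselves a signal
            continue
        _user, src = m.groups()        # only the server-written field is trusted
        hits[src] += 1
    auto, review = set(), set()
    for ip, n in hits.items():
        if n < THRESHOLD:
            continue
        (review if ip in ALLOWLIST else auto).add(ip)
    return {"auto_block": auto, "needs_review": review, "unparsed": unparsed}


if __name__ == "__main__":
    print("naive would block:   ", sorted(naive_blocklist(LOGS)))
    d = hardened_decisions(LOGS)
    print("hardened auto-block: ", sorted(d["auto_block"]))
    print("hardened review queue", sorted(d["needs_review"]))
```

On the constructed input the naive rule blocks the allowlisted admin host and never sees 203.0.113.9 at all, while the hardened version blocks the two real offenders and leaves the admin host for a human to decide. The hardening is three separate decisions: anchor the parse so attacker-influenced fields cannot pose as the source, keep an allowlist the automation cannot override, and route anything touching the allowlist (or anything unparseable) to a person instead of acting on it.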
Links from the talk -
taosecurity.blogspot.com/2017/03/the-origin-of-threat-hunting.html
www.threathunting.net/
www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf