AlienVault, profile picture
Uploaded byAlienVault
PPTX, PDF1,559 views

Incident response live demo slides final

The document provides an overview of investigations in cybersecurity, including what they are, how to initiate them, and the importance of documentation. It covers processes such as gathering information, alarm patterns, and various monitoring techniques, emphasizing the use of a unified security management platform for threat detection and incident response. Additionally, it highlights the need for preparation in investigations and available tools for threat intelligence.

Embed presentation

Downloaded 59 times
Agenda Investigations • What are they? • What questions can they answer? • Is the number 42 always relevant? Investigation Walk-Throughs • This won’t be all slides…we promise.. Recap
What is an Investigation? An Investigation is the act of ascertaining facts A careful examination Or simply it answers: “What do I do?” And there is a result……..sometimes
What Initiates an Investigation? Someone asks you • Hey I think PlayStation network is down? You see something unusual • Ever get that feeling someone is watching you? • Certain patterns of logs • New Assets Alarms! • More..
..but what does it all mean?
What is an Alarm? An alarm is a pattern of activity that should be investigated • The logic that creates an alarm is customizable Inside a SIEM an alarm could be • A single event • A series of events • Event quantity • ..and more
Process of an Investigation Gather Information Follow the trail Look for Clues Determine severity
Am I Finished? Do you know what to do? What does the IRP say? Hint: no you aren’t
Document it! If it’s not in a Ticket– it didn’t happen!
Why is Documentation Important? Avoid Repetition Avoid Repetition (yes we repeated this) Share Information Liability Find patterns Find anomalies or outliers Find misconfigurations or unapproved changes
Demo Time Show me the packets!
ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE/SIEM • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM Platform Integrated, Essential Security Controls
Unified Security Management Platform A single platform for simplified, accelerated threat detection, incident response & policy compliance AlienVault Labs Threat Intelligence Correlation rules and directives written by our AlienVault Labs team and displayed through the USM interface Open Threat Exchange The world’s largest repository of crowd-sourced threat data providing a continuous view of real time threats that may have penetrated the company’s defenses. Unified Security Management
Demo Time Show me the packets!
Recap It’s important to know what the alarm is Use search filters to help you prioritize investigations Use policy to filter alarms you don’t need to re-investigate Even though it’s familiar you still need to investigate Have a plan for what you could find (IRP) Write stuff down….
888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Now for some Questions.. Questions? Hello@AlienVault.com Twitter : @alienvault Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Check out our 15-Day Trial of USM for AWS https://www.alienvault.com/free-trial/usm-for-aws Try our Interactive Demo Site http://www.alienvault.com/live-demo-site

More Related Content

PPTX
Alienvault threat alerts in spiceworks
byAlienVault
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
byAlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
PPTX
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 
Alienvault threat alerts in spiceworks
byAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
Improve threat detection with hids and alien vault usm
byAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 

What's hot

PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
PPTX
How Malware Works
byAlienVault
 
PPTX
How to Detect System Compromise & Data Exfiltration with AlienVault USM
byAlienVault
 
PDF
Modern vs. Traditional SIEM
byAlert Logic
 
PPTX
Improve Threat Detection with OSSEC and AlienVault USM
byAlienVault
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
PPTX
Beginner's Guide to SIEM
byAlienVault
 
PDF
20 Security Controls for the Cloud
byNetStandard
 
PPTX
Otx introduction sw
byAlienVault
 
PPTX
How to Detect SQL Injections & XSS Attacks with AlienVault USM
byAlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
PPTX
Creating Correlation Rules in AlienVault
byAlienVault
 
PPTX
Six Steps to SIEM Success
byAlienVault
 
PPTX
How to Simplify Audit Compliance with Unified Security Management
byAlienVault
 
PPTX
Automating Critical Security Controls for Threat Remediation and Compliance
byQualys
 
PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
PDF
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
byRisk Analysis Consultants, s.r.o.
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
How Malware Works
byAlienVault
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
byAlienVault
 
Modern vs. Traditional SIEM
byAlert Logic
 
Improve Threat Detection with OSSEC and AlienVault USM
byAlienVault
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
Beginner's Guide to SIEM
byAlienVault
 
20 Security Controls for the Cloud
byNetStandard
 
Otx introduction sw
byAlienVault
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
byAlienVault
 
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
Creating Correlation Rules in AlienVault
byAlienVault
 
Six Steps to SIEM Success
byAlienVault
 
How to Simplify Audit Compliance with Unified Security Management
byAlienVault
 
Automating Critical Security Controls for Threat Remediation and Compliance
byQualys
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
byRisk Analysis Consultants, s.r.o.
 

Viewers also liked

PDF
Security operations center 5 security controls
byAlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PDF
Insider Threat Detection Recommendations
byAlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPSX
HP ArcSight
byMohamed Zohair
 
PDF
Alien vault sans cyber threat intelligence
byAlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
Security operations center 5 security controls
byAlienVault
 
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
Insider Threat Detection Recommendations
byAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
HP ArcSight
byMohamed Zohair
 
Alien vault sans cyber threat intelligence
byAlienVault
 
The State of Incident Response - INFOGRAPHIC
byAlienVault
 

Similar to Incident response live demo slides final

PPTX
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
PPTX
Tips on SIEM Ops 2015
byAnton Chuvakin
 
PPT
Security Outsourcing - Couples Counseling - Atif Ghauri
byAtif Ghauri
 
PPTX
Generic siem how_2017
byAnton Chuvakin
 
PDF
Cybersecurity Series SEIM Log Analysis
byJim Kaplan CIA CFE
 
PPTX
How to Investigate Threat Alerts in Spiceworks!
byAlienVault
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PPTX
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
byAlienVault
 
PPTX
Karunia Wijaya - Proactive Incident Handling
byIndonesia Honeynet Chapter
 
PDF
SIEM evaluator guide for soc analyst
byInfosecTrain
 
PPTX
SIEM - Your Complete IT Security Arsenal
byManageEngine EventLog Analyzer
 
PPTX
From Zero to SOC: Designing Effective Threat Detection & Incident Response
byReZa AdineH
 
PDF
G05.2013 Security Information and Event Management
bySatya Harish
 
PPTX
SpiceWorks Webinar: Whose logs, what logs, why logs
byAlienVault
 
PPTX
AlienVault Partner Update: So Many Security Products to Sell to My Customers…...
byAlienVault
 
PDF
Incident Response Whitepaper - AlienVault
byJermund Ottermo
 
PDF
You have a SIEM! And now?
byXavier Mertens
 
PPTX
5 Steps to an Effective Vulnerability Management Program
byTripwire
 
PPTX
Securing Systems - Still Crazy After All These Years
byAdrian Sanabria
 
DOCX
Overall Security Process Review CISC 6621Agend.docx
bykarlhennesey
 
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
Tips on SIEM Ops 2015
byAnton Chuvakin
 
Security Outsourcing - Couples Counseling - Atif Ghauri
byAtif Ghauri
 
Generic siem how_2017
byAnton Chuvakin
 
Cybersecurity Series SEIM Log Analysis
byJim Kaplan CIA CFE
 
How to Investigate Threat Alerts in Spiceworks!
byAlienVault
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
byAlienVault
 
Karunia Wijaya - Proactive Incident Handling
byIndonesia Honeynet Chapter
 
SIEM evaluator guide for soc analyst
byInfosecTrain
 
SIEM - Your Complete IT Security Arsenal
byManageEngine EventLog Analyzer
 
From Zero to SOC: Designing Effective Threat Detection & Incident Response
byReZa AdineH
 
G05.2013 Security Information and Event Management
bySatya Harish
 
SpiceWorks Webinar: Whose logs, what logs, why logs
byAlienVault
 
AlienVault Partner Update: So Many Security Products to Sell to My Customers…...
byAlienVault
 
Incident Response Whitepaper - AlienVault
byJermund Ottermo
 
You have a SIEM! And now?
byXavier Mertens
 
5 Steps to an Effective Vulnerability Management Program
byTripwire
 
Securing Systems - Still Crazy After All These Years
byAdrian Sanabria
 
Overall Security Process Review CISC 6621Agend.docx
bykarlhennesey
 

More from AlienVault

PPTX
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
PPTX
Spice world 2014 hacker smackdown
byAlienVault
 
PPTX
Demo how to detect ransomware with alien vault usm_gg
byAlienVault
 
PPTX
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
byAlienVault
 
PPTX
Security by Collaboration: Rethinking Red Teams versus Blue Teams
byAlienVault
 
PDF
Malware Invaders - Is Your OS at Risk?
byAlienVault
 
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
Spice world 2014 hacker smackdown
byAlienVault
 
Demo how to detect ransomware with alien vault usm_gg
byAlienVault
 
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
byAlienVault
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
byAlienVault
 
Malware Invaders - Is Your OS at Risk?
byAlienVault
 

Recently uploaded

PDF
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PPTX
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
PDF
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
Getting started with Agent Framework.pdf
byNilesh Gule
 
PDF
Database Performance at Scale: The TL;DR
byScyllaDB
 
PDF
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
PPTX
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
PDF
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
PDF
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
Getting started with Agent Framework.pdf
byNilesh Gule
 
Database Performance at Scale: The TL;DR
byScyllaDB
 
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
Career Blueprint: Mentor Tracks & Career Clinic - Part 2
byDianaGray10
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 

Incident response live demo slides final

  • 2.
    Agenda Investigations • What arethey? • What questions can they answer? • Is the number 42 always relevant? Investigation Walk-Throughs • This won’t be all slides…we promise.. Recap
  • 3.
    What is anInvestigation? An Investigation is the act of ascertaining facts A careful examination Or simply it answers: “What do I do?” And there is a result……..sometimes
  • 4.
    What Initiates anInvestigation? Someone asks you • Hey I think PlayStation network is down? You see something unusual • Ever get that feeling someone is watching you? • Certain patterns of logs • New Assets Alarms! • More..
  • 5.
    ..but what doesit all mean?
  • 6.
    What is anAlarm? An alarm is a pattern of activity that should be investigated • The logic that creates an alarm is customizable Inside a SIEM an alarm could be • A single event • A series of events • Event quantity • ..and more
  • 7.
    Process of anInvestigation Gather Information Follow the trail Look for Clues Determine severity
  • 8.
    Am I Finished? Doyou know what to do? What does the IRP say? Hint: no you aren’t
  • 9.
    Document it! If it’snot in a Ticket– it didn’t happen!
  • 10.
    Why is DocumentationImportant? Avoid Repetition Avoid Repetition (yes we repeated this) Share Information Liability Find patterns Find anomalies or outliers Find misconfigurations or unapproved changes
  • 11.
    Demo Time Show methe packets!
  • 12.
    ASSET DISCOVERY • ActiveNetwork Scanning • Passive Network Scanning • Asset Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE/SIEM • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • File Integrity Monitoring USM Platform Integrated, Essential Security Controls
  • 13.
    Unified Security ManagementPlatform A single platform for simplified, accelerated threat detection, incident response & policy compliance AlienVault Labs Threat Intelligence Correlation rules and directives written by our AlienVault Labs team and displayed through the USM interface Open Threat Exchange The world’s largest repository of crowd-sourced threat data providing a continuous view of real time threats that may have penetrated the company’s defenses. Unified Security Management
  • 14.
    Demo Time Show methe packets!
  • 15.
    Recap It’s important toknow what the alarm is Use search filters to help you prioritize investigations Use policy to filter alarms you don’t need to re-investigate Even though it’s familiar you still need to investigate Have a plan for what you could find (IRP) Write stuff down….
  • 16.
    888.613.6023 ALIENVAULT.COM CONTACT US [email protected] Now forsome Questions.. Questions? [email protected] Twitter : @alienvault Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Check out our 15-Day Trial of USM for AWS https://www.alienvault.com/free-trial/usm-for-aws Try our Interactive Demo Site http://www.alienvault.com/live-demo-site