README.md

ELK-Hunting

Threat Hunting with ELK Workshop (InfoSecWorld 2017 and TBD)

Slides

• Contact us if you would like a copy.

Download ELK VM

• Contact us if you would like a copy. Alternatively, simply install the ELK stack in a Linux distro of your choice (bare metal or VM).

Sysmon

• https://technet.microsoft.com/en-us/sysinternals/sysmon
• https://www.rsaconference.com/events/us17/agenda/sessions/7516-How-to-Go-from-Responding-to-Hunting-with-Sysinternals-Sysmon

Credits

Sample data from:

• http://rabidio.com/
• http://www.secrepo.com/
• http://www.malware-traffic-analysis.net/