• Track C: Saturday 1300-1700

Hands-on exercise setting up a lab for stimulus-response based alert writing using the free version of Splunk as a SIEM. Includes installation of the Splunk log forwarder and the Splunk Enterprise GUI console, log forwarding configuration, log normalization, stimulus-response activities, log review, and alert writing. The methodology is useful for Blue Teams looking to build alerts based on actual attack output, and for Red Teams looking to understand the output their activities generate.

Requirements:

VirtualBox VMs will be provided with networking pre-configured. Hands-on familiarity with the basic *nix command line is strongly encouraged. Bring enough CPU/RAM to support at least one VM, either *nix or Windows, whichever is least similar to the host OS.

Reg Closed


Mary Cordova has worked in the threat detection and response space for various industry leaders in gaming, media, and entertainment. She lurks around several L.A. based infosec communities.


twitter @cyphoid_mary

© 2020 ShellCon