
"Hunting PCAP Data with Splunk"

Hosted By
Rinaldi R.

Details

Abstract: Splunk can be a very powerful tool for hunting on networks. In this presentation we'll take some PCAP data in a Splunk VM, process it down using Bro, and run a few hunting exercises to find the evil packets after they've been boiled down to text. We'll talk through the process, share some tips and tricks for working with Bro data, and show how to use the Bro TA in Splunk.

Bio: Matt Ahrens is a widely recognized expert at investigating data breaches. Matt has more than 15 years' experience leading investigations of breaches involving distributed denial-of-service (DDoS) attacks, ransomware, and targeted threat actors. Earlier in his career, Matt led incident responses, managed security operations, and developed security products for companies including LivingSocial and Neustar. Formerly certified as a Qualified Incident Response Assessor (QIRA) and a Qualified Security Assessor (QSA), Matt is a frequent speaker on cyber security topics, including threat intelligence, risk management, and the Internet of Things.

Splunk > WashDC User Group
Splunk Inc. Office
7900 Tysons One Place, #1100 · McLean, VA