Detection Engineering in Gravwell

Presented by

Gravwell

About this talk

In this video, we will use Gravwell to pivot on several indicators contained in an intelligence report to discover the underlying TTPs that threat actors used within our environment. We will then take those TTPs and distill them into detection logic that can be rendered back into Gravwell as deployable detections, controlled and customized with no-code “Flows”. The purpose of this video is to showcase Gravwell’s search capabilities; specifically, we aim to develop queries that will allow us to discover threat actor activity on a proactive basis. In support of this goal we will not focus expressly on query logic but rather on the findings surfaced by those queries. We will then transition to the Automation “Flows” functionality to show how a query can be translated into an automated notification.
Gravwell is a data platform with security lake features that enables teams to investigate, collaborate, and analyze data on-demand, from any source — all with unlimited data collection and retention.