Intrusion detection, Threat hunting

PCAPS Or It Didn’t Happen- Corey Thuen – PSW #654

June 5, 2020

Sponsored By

Visit https://securityweekly.com/gravwell for more information!

Threat hunting activities often require packet capture analysis but capturing and storing PCAP at scale is rough. This segment covers open source tools for collecting packet captures on demand within a threat hunting use case in Gravwell.

To learn more about Gravwell, visit: https://securityweekly.com/gravwell
To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet
Visit https://www.securityweekly.com/psw for all the latest episodes!
Full Episode Show Notes

PCAPS Or It Didn't Happen- Corey Thuen

https://github.com/gravwell/ingesters/tree/master/PacketFleet

https://github.com/google/stenographer

https://www.gravwell.io/blog/pcap-collection-and-analysis-on-demand-with-gravwell-packet-fleet

Hosts

  • Doug White - Professor
  • Larry Pesce - Senior Managing Consultant and Director of Research
  • Lee Neely - Senior Cyber Analyst
  • Paul Asadoorian - Founder & CTO
  • Tyler Robinson - Managing Director of Network Operations

Guests

  • Corey Thuen - Co-Founder

Announcements

  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!

Audio: http://traffic.libsyn.com/sw-all/PSW_654_-_Corey_Thuen_Gravwell-0_converted.mp3
