Re-Imagining Incident Response with Velociraptor
08-27, 16:00–16:50 (US/Eastern), Room 402 - "Re-Imagine" track

Can you imagine easily investigating alerts or triaging hosts – even thousands at once – using a single cross-platform, lightweight, open source tool?

Can you imagine quickly dissecting adversary activity and locating malware through YARA, Sigma, process memory scanning, and more?

Can you imagine then actively responding to an infection by quarantining hosts, removing persistence mechanisms, and performing overall remediation using your favorite commands or tools using the same tool?

Can you imagine post-processing and reducing the result set using the same tool, or easily shipping the data off to s3, Elastic, Splunk or other platforms to tie in with other types of data?

It's time to re-imagine the level of effort, expertise, and funding necessary to keep the enterprise safe. It's time to learn more about Velociraptor. This presentation will provide several examples of how this open source tool platform can be used for threat hunting, detection, and incident response.

Attendees will walk away with an immediate understanding of how they can start using Velociraptor to monitor for, investigate, and respond to evildoers in their environment.

Wes Lambert is a Principal Engineer at Security Onion Solutions, where he helps companies to implement enterprise security monitoring solutions and better understand their computer networks. He is a huge fan of open source software projects, and loves to solve problems and enhance organizational security using completely free and easily deployable tools.