BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesaugusta2023//speaker//QNCTLT
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesaugusta2023-FMV8EP@pretalx.com
DTSTART;TZID=EST:20231007T111500
DTEND;TZID=EST:20231007T114500
DESCRIPTION:Process Auditing is a powerful tool in the detection toolbox. A
 ccording to @Cyb3rWard0g’s research\, the vast majority of the adversar
 ial techniques in the ATT&CK framework can be detected with process auditi
 ng. Unfortunately\, this power comes with a price - process auditing gener
 ates a lot of results that can be overwhelming to sift through.\n\nIn this
  presentation\, we will walk through a practical option to handle these pr
 oblems using Security Onion’s Elastic Agent integration as an example. S
 pecifically\, we will use @SwiftOnSecurity Sysmon configuration as a sourc
 e filter and convert it into a format that can be used by Security Onion t
 o filter out known-good results.
DTSTAMP:20260309T205500Z
LOCATION:Track 2
SUMMARY:Applying Sysmon-type filtering to Elastic Agent Process Auditing - 
 Josh Brower
URL:https://pretalx.com/bsidesaugusta2023/talk/FMV8EP/
END:VEVENT
END:VCALENDAR
