Thomas Patzke
Thomas has almost 20 years of experience in information security and has worked across the field, from offensive to defensive topics. He now does incident response, threat hunting and threat intelligence in the Evonik Cyber Defense Team. He is also a co-founder of the Sigma project and maintains its open source toolchain (pySigma and the Sigma CLI).
Sessions
Sigma is an open, generic format for sharing log detection signatures. In this hands-on workshop, participants learn how to write good Sigma rules by developing rules for existing threats. It covers simple rules that detect single events as well as correlation rules that detect relationships between events.
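To make the two rule types concrete, here is an added example (not material from the workshop or from the Sigma project's rule repository): a simple rule that matches one failed Windows logon event, followed by a correlation rule that fires when that event repeats for the same account. The field names (EventID, TargetUserName) are standard Windows Security log fields; the threshold of ten events in five minutes and the rule name failed_logon are assumptions chosen for illustration.

```yaml
# Added example, not from the original page. Two YAML documents in one file:
# a simple event rule and a correlation rule that references it by name.
title: Failed Logon
name: failed_logon            # referenced by the correlation rule below
status: experimental
description: A single failed logon attempt (Windows Security Event ID 4625).
logsource:
  product: windows
  service: security
detection:
  selection:
    EventID: 4625
  filter_machine_accounts:
    TargetUserName|endswith: '$'   # computer accounts end in '$'
  condition: selection and not filter_machine_accounts
falsepositives:
  - Users mistyping their password
level: informational
---
title: Many Failed Logons For One Account
status: experimental
description: >
  Ten or more failed logons for the same account within five minutes,
  a possible password brute-force attempt. The threshold and window are
  assumptions for this example and should be tuned per environment.
correlation:
  type: event_count          # count matching events per group
  rules:
    - failed_logon           # the simple rule above
  group-by:
    - TargetUserName
  timespan: 5m
  condition:
    gte: 10
falsepositives:
  - Service accounts with a stale password left in a scheduled task
level: medium
```

The simple rule alone is too noisy to alert on (hence level informational); the correlation rule turns it into an actionable signal by grouping and counting. Both documents must be converted together so that the correlation rule can resolve the name failed_logon.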
Building an actionable, organization-specific threat landscape is a challenging task: a useful format has to be chosen, information has to be collected, and finally meaningful action has to be derived from the resulting product. This talk describes a pragmatic approach to building such a threat landscape that can be used by various stakeholders and is assembled from openly available information as well as the operational security teams' own observations. Possible follow-up actions are discussed, along with the disadvantages and shortcomings of the approach.