BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2025//talk//HBRVAC
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2025-HBRVAC@pretalx.com
DTSTART;TZID=CET:20251022T144500
DTEND;TZID=CET:20251022T151500
DESCRIPTION:This talk delves into strategies and practices for large-scale 
 security monitoring of Linux systems within enterprise environments. We wi
 ll explore unique challenges posed by Linux-based infrastructures — from
  their highly diverse configurations to their widespread deployment across
  cloud and hybrid landscapes.\n\nWe will discuss how we have addressed the
  need for scalability in our tooling and why integrating our solutions int
 o a SIEM or SOAR platform is critical for effective incident response. Add
 itionally\, we will explain why traditional EDR solutions fell short of me
 eting our requirements and how we instead built a customized\, open-source
 -driven setup leveraging Auditd/Laurel and Velociraptor.\n\nThe presentati
 on will begin with an overview of our threat-based logging and response st
 rategy\, followed by a deep technical dive into the customizations and enh
 ancements we made to the aforementioned tools — many of which have been 
 shared with the community. Special attention will be given to the asset id
 entification features we added to Velociraptor\, enabling us to efficientl
 y operate and respond at scale within complex enterprise environments.
DTSTAMP:20260316T205925Z
LOCATION:Europe
SUMMARY:Security Monitoring and Response in Large Linux Environments - Hend
 rik Schmidt\, Hilko Bengen
URL:https://pretalx.com/hack-lu-2025/talk/HBRVAC/
END:VEVENT
END:VCALENDAR