layout title type track technology related-to status when-day when-time location organizers participants outcomes
blocks/working-session
Security Monitoring Playbooks
workshop
Security Playbooks
need-working materials
Wed
PM-3
Room-5
Johan Peeters
Johan Peeters
not-found

Why

Security monitoring is a very complex activity, but Playbooks can help to define what to do and what to look for.

Here is how "Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy" defines Playbooks:

Our Playbook is our answer to this complexity. At its heart, it’s a collection of “plays” that each generate a report from some set of data sources. The thing about plays that makes them so useful is that they aren’t just some complex query or code to find bad stuff.

Plays are self-contained, fully documented prescriptive procedures for finding some sort of undesired activity.

By building the documentation into the play we’ve directly coupled the motivation for the play, how it gets analyzed, the specific query for it, and any additional information needed to both run the play and act upon the report results.

The Working Session will create Security Monitoring Playbooks.
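
A sketch of how a play can couple its documentation to its query, following the definition quoted above. This is an added example, not material from the quoted article or from this Working Session; the field names, the play id, the threshold and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, fields
from typing import Callable

@dataclass(frozen=True)
class Play:
    """One play: the query plus the documentation needed to run it and act on it."""
    play_id: str       # hypothetical identifier scheme
    objective: str     # motivation: the undesired activity this play looks for
    data_source: str   # which log feed the query reads
    query: Callable    # the detection logic: list of log lines -> list of hits
    analysis: str      # how an analyst should read the report
    action: str        # what to do with a confirmed hit

    def __post_init__(self):
        # A play without its documentation is just a query: refuse to build it.
        for f in fields(self):
            value = getattr(self, f.name)
            if isinstance(value, str) and not value.strip():
                raise ValueError(f"play field '{f.name}' must be documented")

    def run(self, events):
        """Generate the report: the hits plus the context needed to triage them."""
        return {"play": self.play_id, "objective": self.objective,
                "analysis": self.analysis, "action": self.action,
                "hits": self.query(events)}

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def failed_logins(events, threshold=3):
    """Source addresses with at least `threshold` failed SSH logins."""
    counts = Counter(m.group(2) for e in events if (m := FAILED.search(e)))
    return [{"src": ip, "failures": n} for ip, n in sorted(counts.items()) if n >= threshold]

# Constructed sample log lines (documentation address ranges), not real data.
SAMPLE = [
    "sshd[101]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2",
    "sshd[103]: Failed password for root from 203.0.113.7 port 4024 ssh2",
    "sshd[104]: Failed password for alice from 198.51.100.9 port 5100 ssh2",
    "sshd[105]: Accepted password for alice from 198.51.100.9 port 5101 ssh2",
]

PLAY = Play("EX-0001", "Find password guessing against SSH", "sshd auth log",
            failed_logins,
            "Many failures from one source suggest guessing; one or two are usually typos.",
            "Block the source and review any accepted login from it.")
```

Calling `PLAY.run(SAMPLE)` returns the report with the analyst guidance attached to the hits, so the result can be triaged without looking the play up elsewhere.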

What

  • Create Security Monitoring Playbooks for use by the Community

Outcomes

  • Security Monitoring Playbooks

Who

The target audience for this Working Session is:

  • Security professionals
  • SOC specialists

References


Working materials

Here are the current 'work in progress' materials for this session.

(please add as much information as possible before the sessions)

Content

...add content...