Security Operations Workshop

Name: Security Operations Workshop
Start: 2023-05-22T09:00:00+02:00
End: 2023-05-22T17:00:00+02:00
Location: No location set

Starts 22 May 2023, 09:00

Ends 22 May 2023, 17:00

(Timezone - Europe/Berlin)

Virtually Hosted

Description

The SOCtools team (GN5.1 WP8 Task 3) invites you to share your experiences and learn from others running security operations at NRENs. Your feedback and ideas are crucial for deciding the future direction of our work and how to build better security services for everyone.

The conference is fully virtual/remote.

Full agenda and Zoom link available on wiki: SOCtools Workshop May 22nd 2023 - GN5-1 WP8 - GÉANT federated confluence (geant.org)

The presentations and discussions will be based on the four initial use-cases selected by the project as high-value areas:

Building passive/active network asset discovery (aka Shodan, Censys)
Logging efficiently and sufficiently. e.g. how and what to log from Active Directory or different cloud vendors
Blocking indicators of compromise, e.g. solutions like RPZ, endpoint protection systems and so on
Looking up IoCs and acting upon them, e.g. reporting phishing websites

Registration

Participants

Contact

emil.flakk@sikt.no

- 09:00 → 10:00
  
  Introduction 1h
  
  Speaker: Emil Flakk (Uninett)
- 10:00 → 12:00
  
  Doing useful things with IoCs
- 12:00 → 13:00
  
  Lunch break 1h
- 13:00 → 15:00
  
  Network asset scanning
  
  Convener: Emil Flakk (Uninett)
- 15:00 → 16:30
  
  Logging
  
  Convener: Emil Flakk (Uninett)
- 16:30 → 17:00
  
  Lessons learned, final remarks 30m
  
  Speaker: Emil Flakk (Uninett)