Security Operations Workshop

Starts
Ends
(Timezone - Europe/Berlin)
Virtually Hosted
Description

The SOCtools team (GN5.1 WP8 Task 3) invites you to share your experiences and learn from others running security operations at NRENs. Your feedback and ideas are crucial for deciding the future direction of our work and how to build better security services for everyone.

The conference is fully virtual/remote.

Full agenda and Zoom link available on wiki: SOCtools Workshop May 22nd 2023 - GN5-1 WP8 - GÉANT federated confluence (geant.org)

The presentations and discussions will be based on the four initial use-cases selected by the project as high-value areas:

  • Building passive/active network asset discovery (aka Shodan, Censys)
  • Logging efficiently and sufficiently. e.g. how and what to log from Active Directory or different cloud vendors
  • Blocking indicators of compromise, e.g. solutions like RPZ, endpoint protection systems and so on
  • Looking up IoCs and acting upon them, e.g. reporting phishing websites
Registration
Participants
    • 9:00 AM 10:00 AM
      Introduction 1h
      Speaker: Emil Flakk (Uninett)
    • 10:00 AM 12:00 PM
      Doing useful things with IoCs
    • 12:00 PM 1:00 PM
      Lunch break 1h
    • 1:00 PM 3:00 PM
      Network asset scanning
      Convener: Emil Flakk (Uninett)
    • 3:00 PM 4:30 PM
      Logging
      Convener: Emil Flakk (Uninett)
    • 4:30 PM 5:00 PM
      Lessons learned, final remarks 30m
      Speaker: Emil Flakk (Uninett)