Security Operations Workshop

(Timezone - Europe/Berlin)
Virtually Hosted

The SOCtools team (GN5.1 WP8 Task 3) invites you to share your experiences and learn from others running security operations at NRENs. Your feedback and ideas are crucial for deciding the future direction of our work and how to build better security services for everyone.

The conference is fully virtual/remote.

Full agenda and Zoom link available on wiki: SOCtools Workshop May 22nd 2023 - GN5-1 WP8 - GÉANT federated confluence (

The presentations and discussions will be based on the four initial use-cases selected by the project as high-value areas:

  • Building passive/active network asset discovery (aka Shodan, Censys)
  • Logging efficiently and sufficiently. e.g. how and what to log from Active Directory or different cloud vendors
  • Blocking indicators of compromise, e.g. solutions like RPZ, endpoint protection systems and so on
  • Looking up IoCs and acting upon them, e.g. reporting phishing websites
    • 1
      Speaker: Emil Flakk (Uninett)
    • Doing useful things with IoCs
    • 12:00 PM
      Lunch break
    • Network asset scanning
      Convener: Emil Flakk (Uninett)
    • Logging
      Convener: Emil Flakk (Uninett)
    • 2
      Lessons learned, final remarks
      Speaker: Emil Flakk (Uninett)