One Network Evidence Library: An Industry of Detection and Response

Wednesday, May 04 | 3:15PM–4:00PM ET | Harborside Ballroom A, 4th Floor
Session Type: Industry Led
Delivery Format: Presentation/Panel Session

Transform network and cloud traffic into evidence so that data-first defenders can stay ahead of ever-changing attacks. Our belief is that a global community of contributors leveraging Zeek and Suricata, whether open-source or via Corelight, can establish a standard library of network evidence for security teams that is second to none, a library that can be easily leveraged by an industry of detection and response (XDR) platforms and teams. Rob Carlsen, Lead Security Engineer at OmniSOC, will discuss this approach and review how OmniSOC applies it, drawing on real investigations within its member organizations.

Presenters

  • Rob Carlsen

    Lead Security Engineer, Indiana University
  • Kevin Kerber

    Director - Research Universities & MSSP's, Corelight Inc

Resources & Downloads

  • PDF slides for One Network Evidence Library

    Updated on 4/25/2024