
Rob Carlsen
Lead Security Engineer,
Indiana University
Transform network and cloud traffic into evidence so that data-first defenders can stay ahead of ever-changing attacks. Our belief is that a global community of contributors leveraging Zeek and Suricata, whether open-source or via Corelight, can establish a standard library of network evidence for security teams that is second to none, a library that can be easily leveraged by an industry of detection and response (XDR) platforms and teams. Rob Carlsen, Lead Security Engineer at OmniSOC, will discuss this approach and show how OmniSOC applies it through a review of real investigations within its member organizations.