ONG-ISAC and Cloud Range Workshop

Title: Automating Log Analysis for Threat Detection

QUARTERLY INTERACTIVE CYBER ATTACK TRAINING WORKSHOP SERIES

Abstract:
Log analysis plays a critical role in system administration and cybersecurity by helping to detect potential or existing threats within an organization. However, with the growing number of attack techniques (TTPs) and vulnerabilities, analyzing logs has become increasingly challenging. The Sigma framework offers a standardized approach to writing rules that identify these evolving threats. Its open structure lets organizations export rules to multiple formats, or generate custom outputs, compatible with various SIEM platforms.

In this webinar, attendees explored practical ways to extract logs from systems and leverage Sigma rules to scan and detect potential threats effectively.

Learn to:

  1. Understand the Sigma framework and how it provides a standardized method for writing detection rules across multiple attack techniques and vulnerabilities.
  2. Apply log extraction and analysis techniques to efficiently identify security threats using Sigma rules.
  3. Enhance SIEM flexibility and efficiency by customizing and exporting Sigma rules to formats compatible with various SIEM platforms.
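As an added illustration of the Sigma workflow outlined above (example code written for this page, not part of the workshop materials or of the Sigma project's own tooling, which is sigma-cli/pySigma): a minimal Python evaluator that applies a rule in Sigma's structure to a few constructed process-creation events, and then converts the same rule into a generic wildcard search syntax standing in for the SIEM-specific formats Sigma can export to. The rule itself, the filter's `approved-deploy-agent.exe`, the sample events and the query dialect are all assumptions made for the example; a real Sigma rule is a YAML file with the same keys.

```python
import re

# Constructed example rule in Sigma's structure (a real rule is a YAML file with
# the same keys; a dict here avoids needing a YAML library). Field names are
# Windows process-creation fields; "|endswith" and "|contains" are modifiers.
RULE = {
    "title": "PowerShell started with an encoded command (example rule)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        # hypothetical approved tool that legitimately uses encoded commands
        "filter": {"ParentImage|endswith": "\\approved-deploy-agent.exe"},
        "condition": "selection and not filter",
    },
    "level": "medium",
}

# Constructed events, not real telemetry; the encoded argument is the base64 of "PLACEHOLDER".
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"RecordId": 1001, "Image": PS, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc UExBQ0VIT0xERVI="},
    {"RecordId": 1002, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "ParentImage": "C:\\Tools\\approved-deploy-agent.exe",
     "CommandLine": "pwsh.exe -EncodedCommand UExBQ0VIT0xERVI="},
    {"RecordId": 1003, "Image": PS, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -Command Get-Process"},
]

def _match(value, modifier, pat):
    """Sigma string comparison: case-insensitive, with the common modifiers."""
    value, pat = value.lower(), pat.lower()
    return {"": value == pat, "contains": pat in value, "endswith": value.endswith(pat)}[modifier]

def _selection_matches(event, selection):
    """Every 'Field|modifier: patterns' line must match (AND); a pattern list is an OR."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        pats = patterns if isinstance(patterns, list) else [patterns]
        value = event.get(field)
        if value is None or not any(_match(str(value), modifier, str(p)) for p in pats):
            return False
    return True

def eval_condition(tokens, results):
    """Recursive-descent evaluation of conditions such as 'a and not (b or c)'."""
    pos = 0
    def binary(op, below):
        nonlocal pos
        value = below()
        while pos < len(tokens) and tokens[pos] == op:
            pos += 1
            rhs = below()  # always consumed, so the token cursor stays in sync
            value = (value or rhs) if op == "or" else (value and rhs)
        return value
    def parse_or():
        return binary("or", lambda: binary("and", parse_not))
    def parse_not():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            return not parse_not()
        return parse_atom()
    def parse_atom():
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok == "(":
            value = parse_or()
            pos += 1  # the closing ')'
            return value
        return results[tok]  # KeyError if the condition names an unknown selection

    return parse_or()

def evaluate(rule, event):
    """True when the event satisfies the rule's detection condition."""
    det = rule["detection"]
    results = {n: _selection_matches(event, s) for n, s in det.items() if n != "condition"}
    return eval_condition(re.findall(r"\(|\)|\w+", det["condition"]), results)

def scan(rule, events):
    """Return the events that trigger the rule."""
    return [e for e in events if evaluate(rule, e)]

def rule_to_query(rule):
    """Export to a generic wildcard search syntax (a hypothetical SIEM dialect)."""
    det, out = rule["detection"], []
    wild = {"": "{}", "contains": "*{}*", "endswith": "*{}"}
    for tok in re.findall(r"\(|\)|\w+", det["condition"]):
        if tok in ("and", "or", "not", "(", ")"):
            out.append(tok.upper())
            continue
        clauses = []
        for key, patterns in det[tok].items():
            field, _, modifier = key.partition("|")
            pats = patterns if isinstance(patterns, list) else [patterns]
            clauses.append("(" + " OR ".join(f'{field}="{wild[modifier].format(p)}"' for p in pats) + ")")
        out.append("(" + " AND ".join(clauses) + ")")
    return " ".join(out)
```

Calling `scan(RULE, EVENTS)` returns only record 1001: record 1002 is suppressed by the `filter` selection even though `selection` matches it, and record 1003 never matches `selection`. `rule_to_query(RULE)` shows the other half of the workflow, the same detection logic rendered as a search string rather than evaluated in Python, which is what the Sigma backends do for each supported SIEM.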

Speakers: Tom Marsland and Dr. Duane Dunston

Bios:
Tom Marsland is a cybersecurity professional with experience in information technology, the nuclear power industry, engineering drills and casualty response, and curriculum design. He served over 22 years in the US Navy as a Nuclear Reactor Operator and Instrumentation and Controls Technician, working in nuclear engine rooms on a myriad of Navy submarine platforms. His final tour of duty was as the head of the nuclear-powered engine room for a fast attack Navy submarine with oversight of the entire propulsion and electric plant, and then as the lead nuclear supervisor for a squadron of three submarines. He has a bachelor’s degree in IT security and a master’s degree in cybersecurity.

Duane Dunston is a Senior Adversarial Engineer at Cloud Range. A former Associate Professor of Cybersecurity at Champlain College, he has been in Information Security since 1997, working in both the education and government sectors. His specializations are in red teaming, blue teaming, threat intelligence, risk management, practical use of cryptography, security education, threat hunting, and using technology for social change. Duane also spent six years as an Incident Responder within the government, and he is a mentor for the Vermont Cyberpatriots Program. Duane holds a BA and MS from Pfeiffer University and earned his doctorate at Northeastern University. He is a frequent contributor to the cybersecurity industry, having written dozens of articles, created courses and programs, and spoken at industry events.