"Prioritizing collection and validating visibility the (mostly) free way"
Presented by Adam Mashinchi, Director of Open Source Projects
Identifying the right data sources for collection is a behemoth problem on its own, one that becomes exponentially more complicated as you start operationalizing your visibility to develop functional security controls.
In this short talk, we’re going to explain how you can use openly available intelligence from Red Canary’s 2021 Threat Detection Report to prioritize data sources for collection. We will then show you how you can use freely available tools like Atomic Red Team and Sysmon to generate innocuous telemetry and validate visibility, respectively.