I loved today's session - really good to be able to reflect on the wider business aspect of Threat Hunting and Response, and consider that this is a whole-business affair, rather than just the remit of the IT/Technical team. Thank-you all for your questions which really helped inform our conversation.
We mentioned a couple of resources on the session which I wanted to share with you. First up the two documents that Kris and Andrew shared:
And in terms of tools to test your network, we mentioned OpenVAS - https://www.openvas.org/. Go and check it out, and also take a look back at the resources we posted from Seasons 1 + 2 within this forum - some great tools mentioned there to consider as you build out your experience.
Last session tomorrow and as I mentioned it's really going to be driven by your questions - come ready with what you need to know, and we'll get through as much as we can in the 'Ask The Expert' session. There's even some fantastic prizes on offer!
Now, off to think about that Incident Reponse plan!
Another good site for Blue Team exercises is https://cyberdefenders.org/.