Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together!
Here are links to a few resources that we mentioned today:
And here's a link to an article comparing SIEM to MTR - building on what Kris spoke to in our session this afternoon. https://partnernews.sophos.com/en-us/2020/02/products/mtr-or-siem/
Anything else you need, let us know in the comments below!
Hey Bartosz, we didn't post up any resources from session 6 as it was the Live Threat Hunt exercise. You can find the full session recording here though if you want to catch up or review - https://events.sophos.com/threatacademyondemand
Sorry for digging this out. Are resources from session 6 still available somewhere?
Just to note that the original PowerShell Empire hasn't been supported since 2019, so maybe share the link to the forked version by BC Security?
So many acronyms: SOAR - Security Orchestration, Automation and Response.
The best example of SOAR is "The Hive Project" https://thehive-project.org/. It's easy to get up and running, and using responders you can get a security event and automate the response based on the type of event that you're dealing with.
Yes of course! I'll ask Ben to share a link or two for you to do more reading.