Good day, everyone! Thank you for joining us for our topic on threat hunting today at Graylog. Just to let everyone know, we will be waiting for attendees to join as the numbers are increasing quickly. Here are some ways you can connect with us at Graylog: you can sign up for our bi-monthly newsletter to stay updated on content, product updates, and tips and tricks. Additionally, you can follow us on social media, including Twitter, LinkedIn, and Reddit. Be sure to check out the resources section on our website as well.
I’m Jeff Darrington, the Senior Technical Marketing Manager, and with me today are two additional panelists, Abe Abernathy and Nick Carstensen, for a quick round table. Abe, please introduce yourself.
Abe: Hey, everyone! My name is Abe. I got into the security world in the 90s, spending my youth exploring places labeled ‘Do Not Enter’. I later served in cyber operations with the Canadian Armed Forces and now work with a large city. Today, I’ll be discussing threat hunting with Graylog.
Nick: Thanks, Abe. I’m Nick Carstensen, Product Manager here at Graylog. My background is in logging, which I’ve been doing for over 10 years, having worked with various logging products. Back to you, Jeff.
Jeff: Thanks, Nick. I’m Jeff Darrington, and I’ve been in IT security, IT Ops, and product development for over 23 years. I’m excited to share my journey with Graylog and discuss how we can bring positive change with logging. Please note, you can enter questions anytime in the Q&A window, and we’ll address them at the end. A recording of this session will be available next week. Now, on to our demo.
Abe: Hi, I’m Abe, Training Engineer at Graylog. Today, I’ll be giving a brief introduction to threat hunting using Graylog. We’ll focus on basic starting points and indicators of compromise (IOCs). Our example will involve the SolarWinds incident, where we’ll discuss how to identify and manage IOCs using Sysmon. We’ll set up Sysmon and Beats configurations to capture necessary data, enabling proactive monitoring and logging.
We’ll demonstrate how to search for IOCs, build dashboards, and use Graylog’s parameterized dashboards for investigation. Finally, we’ll cover some advanced use cases, including how to handle asset management, lookups, and alerts using Graylog’s powerful tools.