April 2022 – Exploring Data Outside the SIEM

Spring is here and so are the taxes. If you’re looking for a break from taxes and want to gather with some like-minded IT security professionals, join us for our next RISE meeting. Our next meeting will be with our own Aaron McPhall at R&K Solutions. This month Aaron is asking:

Have you ever found a new data source on your network and wondered:

·  What is this data and how could it help me?

·  How would I load this data into my SIEM?

·  Is this worth the time and effort for it to go into my SIEM?

·  How could I compare this data to what is already in my SIEM?

As network defenders, we rely on data from devices to tell a story of what is happening in our network. We often have important datasets loaded at our fingertips, but there is always more out there. Perhaps we even have a different, more complex story to tell, one where we need to bring in data from esoteric sources.

In our next talk, Aaron McPhall will walk through how he processes data outside any SIEM.  He will first introduce the concept of hunting, using resources from Sqrrl, to help formalize the process. Building on this, he will describe common data frameworks and methodologies to process data.  He will hopefully be able to demonstrate concepts that focus around open source tools (not a spreadsheet!) that you can easily install and use. 

Also, we need a slightly experienced person to manage our social media and web presence. If you are interested, let us know at info@roanokeinfosec.com. This is not a paid position, but you will be recognized as a major contributor to the RISE team, and really, isn’t that incentive enough?

Hope to see you all Thursday the 14th!   

Speaker Bio: 

Aaron McPhall is a cybersecurity professional working in the Roanoke area. Aaron started off as a Network/System Admin back in 2006 and has worked various IT and Security related roles, including Security {Engineering, Architecture, Research, Incident Response}. Aaron has been a RISE member for 4 years and recently joined as a member of the RISE advisory board in 2022.

R&K Solutions in Roanoke VA. 

April 14th, 2022 @ 5:30 PM 

R&K Solutions 
2797 Frontage Rd NW Ste 1000 
Roanoke, VA 24017 

Enter on the right side of the building