5/15 (Wed.) 16:30 - 17:00 7F 701B

Building a Blue Team's Cloud Incident Response Forensics Knowledge Base Tool Using Open Source

During incident response, a cybersecurity blue team often has to perform a large amount of analysis, including extensive log analysis for cloud events. This presentation shares how to carry out that analysis with open source tools: SOF-ELK, the SANS open-source forensics platform built on Elasticsearch; Graylog with OpenSearch for SIEM analysis; and ways to quickly triage malicious activity in logs by applying established Sigma rules and other blue team knowledge.
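To make the last point concrete, here is an added example (not code from the speaker or the talk, and not SOF-ELK or Graylog code) of what "applying a Sigma rule to cloud logs" means in practice. The rule, the CloudTrail-like records and the matcher are all constructed for this illustration: the rule is written as a Python dict in Sigma's selection/condition layout rather than YAML so the example runs with the standard library alone, and the matcher supports only a subset of Sigma (exact, list, `contains`, `startswith`, `endswith` modifiers; conditions without parentheses). It flags IAM credential creation not performed by a hypothetical provisioning role, which is the kind of check a SIEM pipeline would run on ingested events.

```python
"""Minimal Sigma-style matcher over constructed CloudTrail-like events.

Added illustration only: rule, records and matcher are constructed here and
are not a SigmaHQ rule or code from SOF-ELK / Graylog.
"""
import json

# Constructed rule in Sigma's detection layout: named selections combined by
# a condition. It flags IAM credential creation outside the (hypothetical)
# ProvisioningAutomation role.
RULE = {
    "title": "IAM user or access key created outside provisioning role",
    "logsource": {"service": "cloudtrail"},
    "detection": {
        "selection": {
            "eventSource": "iam.amazonaws.com",
            "eventName": ["CreateUser", "CreateAccessKey", "CreateLoginProfile"],
        },
        "filter_provisioning": {
            "userIdentity.arn|contains": "role/ProvisioningAutomation",
        },
        "condition": "selection and not filter_provisioning",
    },
    "level": "high",
}

# Constructed newline-delimited JSON records, as a SIEM pipeline would ingest them.
SAMPLE_LOGS = "\n".join(json.dumps(e) for e in [
    {"eventID": "e1", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ProvisioningAutomation/run"}},
    {"eventID": "e2", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventID": "e3", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventID": "e4", "eventSource": "iam.amazonaws.com", "eventName": "CreateLoginProfile",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/SupportEngineer/bob"}},
    {"eventID": "e5", "eventSource": "iam.amazonaws.com", "eventName": "DeleteUser",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
])


def get_field(event, dotted):
    """Resolve 'a.b.c' against nested dicts; None when any part is missing."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def value_matches(actual, expected, modifier):
    """Compare one field value under a Sigma value modifier (subset)."""
    if actual is None:
        return False
    a, e = str(actual), str(expected)
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event, selection):
    """All fields of a selection must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = get_field(event, field)
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(value_matches(actual, c, modifier or None) for c in candidates):
            return False
    return True


def condition_holds(event, detection):
    """Evaluate 'a and not b or c' style conditions (no parentheses):
    ' or ' separates disjuncts, ' and ' separates conjuncts, 'not ' negates."""
    for disjunct in detection["condition"].split(" or "):
        ok = True
        for term in disjunct.split(" and "):
            term = term.strip()
            negate = term.startswith("not ")
            name = term[4:].strip() if negate else term
            hit = selection_matches(event, detection[name])
            ok = ok and (hit != negate)
        if ok:
            return True
    return False


def run_rule(ndjson, rule):
    """Return the eventIDs of records that trigger the rule."""
    hits = []
    for line in ndjson.splitlines():
        if line.strip():
            event = json.loads(line)
            if condition_holds(event, rule["detection"]):
                hits.append(event["eventID"])
    return hits


if __name__ == "__main__":
    for event_id in run_rule(SAMPLE_LOGS, RULE):
        print(f"[{RULE['level']}] {RULE['title']}: {event_id}")
```

Running it reports e2 and e4: the access key created directly by a user and the login profile created under an unexpected role. e1 is suppressed by the filter because it came from the provisioning role, and e3/e5 never satisfy the selection. A production pipeline would convert the YAML rule with a Sigma backend into the query language of the target (OpenSearch or Elasticsearch here) instead of matching in Python, but the selection/filter/condition semantics are the same.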

SPEAKER
Tim Yeh
Security Solution Architect
AWS Taiwan

TOPIC / TRACK
SecOps Forum

LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 701B

LEVEL
Advanced
Advanced sessions explore cybersecurity topics including architecture, tools, practical experiences, and strategy comparisons. Content often features code explanations, protocol analysis, reverse engineering, and live demos, and these sessions are suitable for experienced cybersecurity professionals.

SESSION TYPE
Breakout Session

LANGUAGE
Chinese

SUBTOPIC
Cloud Security
SIEM
Blue Team