Tim Yeh is a Security Solutions Architect at AWS Taiwan and a senior threat researcher by personal interest, with more than ten years of cyber security experience. He currently focuses mainly on cloud security and threat intelligence, and also on APT research and IoT research, including hardware and software reversing and hacking, malware campaign discovery, incident response, penetration testing, and MITRE ATT&CK-based red and blue teaming. He has given talks at HITCON, CodeBlue, HITB, FIRST, BotConf, CloudSec, and ITHOME Cybersec.
During incident response, the blue team often has to perform a large amount of analysis, including extensive log analysis of cloud events. This presentation shares how to use open source tools for that analysis. It covers SOF-ELK, the open-source forensics project from SANS built on Elasticsearch; Graylog with OpenSearch for SIEM analysis; and ways to quickly analyze logs for malicious activity by applying established Sigma rules and other blue team knowledge.