Chapters:
1. RSAConference 2019 San Francisco March 4-8 Moscone Center
2. Know Your Environment
3. "Blueprinting" Methods: Reactive • Firehose
4. Tools and Procedures
5. Intro to osquery
6. Pros/Cons
7. Low Prevalence Executables
8. Leveraging osquery
9. Getting ARP data from osquery
10. Automation Overview
11. Where do you put your data?
12. Data Collection
13. Data Storage
14. Querying Data
15. Docker
16. Filebeat
17. Next Steps
18. Using Statistical Analysis for Threat Hunting
19. Analyzing Data
20. Hunting Methodologies
21. MAC Addresses - Uncommon Environmental OUIs
22. Prevalence of Executables
23. Filtering Data
24. Mass Searching
25. A Story of Two Executables (PLink)
Description:
Explore advanced SOC techniques in this conference talk focusing on enterprise blueprinting, automation, and threat hunting using open-source tools. Gain insights into building comprehensive network visibility, reducing SOC fatigue through task automation, and conducting effective hunts for unknown threats. Learn to leverage native operating system tools and osquery for network blueprinting, implement automation strategies for critical tasks, and use properly collected and organized data for advanced threat detection. Discover methods for analyzing low prevalence executables, using osquery to collect ARP data, and deploying Docker and Filebeat for efficient data management. Delve into statistical analysis techniques for threat hunting, including methodologies for identifying uncommon environmental OUIs and measuring executable prevalence. Master filtering data and conducting mass searches, and see a real-world example of threat detection through the examination of a specific executable, PLink.

SOC Automation - Enterprise Blueprinting and Hunting Using Open-Source Tools

RSA Conference