This year will feature a day of training on Thursday June 8th, 2017.
As a training attendee, your morning will start with Apache Metron training and follow with 'Boss of the SOC CTF'.
In this training we will cover applied data analysis and visualization tools and techniques. The primary focus will be to learn data science fundamentals, and then to cover two tools, RITA and Apache Metron.
RITA is an open source network traffic analysis framework that ingests logs, and analyzes them looking for beaconing, suspicious traffic, and scanning with many more features coming soon.
Apache Metron (incubating) is an open source technology that integrates a variety of big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
Boss of the SOC CTF
Boss of the SOC is a blue-team capture the flag(CTF) competition where contestants play the part of a security operation center(SOC) analyst investigating real-world security incidents. You'll be presented with questions of varying difficulty and compete to see who can answer the most and the fastest. In your quest to become Boss of the SOC, you'll be armed with detailed incident data gathered from the target environment using Splunk, related background information, and open source intelligence sources to answer a series of questions as quickly and accurately as you can. Prizes will be awarded for the competitors who score the most points, and experienced coaches will be on hand to provide tips along the way. Boss of the SOC is a friendly, fun, supportive activity! This event uses Splunk software, however the emphasis is on developing broadly applicable security incident investigation and hunting skills.
Want to learn a little about Splunk and get some pertinent hands-on experience before the event? Check out this self-paced online hands-on demo experience: https://www.splunk.com/en_us/form/security-investigation-online-experience-endpoint.html
Training will be at the Hyatt North Shore at 260 North Shore Drive.