BHIS | Your Free and Open Source EDR Options! | John Strand | 1 Hour

Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/
0:00:00 - FEATURE PRESENTATION: Your Free & Open EDR Options!
02:03 - Why We here?
04:46 - EDR? Like that there electronic music?
11:48 - Vendors
14:21 - MITRE Evaluations
19:17 - So, Why EDR?
23:05 - Free and Open Source?
28:48 - OSSEC
31:12 - So, WAZUH
38:28 - Velociraptor
41:09 - DEMO: Velociraptor
48:35 - Vendors and Free/OS
49:57 - Elastic (Formerly Endgame)
55:09 - OPEN EDR - From Comodo
58:41 - Conclusions
1:01:53 - Backdoors and Breaches Virtual
Description: There has been a huge explosion of free and open-source EDR options in the security space, which is nice, because the commercial offerings are very expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor, along with OSSEC and Wazuh. With all these great options, there is no reason your organization should not be running one of them. Further, they are essential for any IR gig you may do.
You may be a shop that is looking at commercial offerings; however, you should always look at the free offerings first. Remember, you are not paying for what the commercial product offers, you are paying for what it does that the free offerings do not.
Slides: s1hb.sharepoint.com/:b:/g/Con...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: / wildwesthackinfest
Active Countermeasures YouTube: / activecountermeasures
Antisyphon Training YouTube: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec

Comments: 15

  • @geneharmon5360
@geneharmon5360 · 3 years ago

    New BHIS drinking game if John references SANS take a shot.

  • @theblowupdollsmusic
@theblowupdollsmusic · 1 year ago

    This was a phenomenal down to earth presentation on EDR options. Thank you for taking the time to record this.

  • @user-vg3jh7lg6o
@user-vg3jh7lg6o · 10 months ago

Incredible, I searched for this information for a long time. Black Hills, you are the best.

  • @cybergeek1218
@cybergeek1218 · 1 year ago

    Amazing company and show.

  • @chrisslaunwhite9097
@chrisslaunwhite9097 · 1 year ago

This is amazing... thanks so much for talking about this. Subbed!

  • @arsalananwar8265
@arsalananwar8265 · 1 year ago

    This will help a lot of folks! Great explanation, keep making more and more videos.

  • @BlackHillsInformationSecurity
    @BlackHillsInformationSecurity · 1 year ago

We will strive to do so! We have got more in store for 2023!

  • @carlosrvillegaschazaro1092
@carlosrvillegaschazaro1092 · 1 year ago

Hi, this is a good video!! Can you comment on AlienVault USM Anywhere and OSSIM, please?

  • @scottyjayes
@scottyjayes · 1 year ago

Has anyone used OpenEDR, and is there a cost associated with the cloud console?

  • @hptc4400
@hptc4400 · 1 year ago

    Hi John and team... Have you all seen any significant developments in the Open Source EDR realm?

  • @BlackHillsInformationSecurity
    @BlackHillsInformationSecurity · 1 year ago

As of this comment's timestamp, no, nothing significant. John's recommendation is to use Wazuh: wazuh.com

  • @hptc4400
    @hptc4400 · 1 year ago

@BlackHillsInformationSecurity Thank you very much, appreciated!

  • @bakedmuffinman87
@bakedmuffinman87 · 2 years ago

How do you have 5k views and only 1 comment!!? Anyhow, I am interested in what you use on your personal machines for EDR/AV? Is EDR what I am looking for? I am looking for a solution to take over from my current AV.

  • @jwsincla99999
@jwsincla99999 · 1 year ago

53:46 They don't suck at capitalism, they excel at it!

  • @Salty4eva
@Salty4eva · 2 years ago

@50:00 Every company spends a ton of money acquiring great startups, then genericifies the name to something completely unmemorable.