•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Threat Intelligence
Vulnerability Management
Incident Response
Continuous Monitoring
•
•
•
TTPs
Tools
Network/Host Artifacts
Domains
IP Addresses
Hash Values
• http://detect-
respond.blogspot.com/2013/03/t
he-pyramid-of-pain.html
• Written by David J
Bianco
USE
CASE:
Windows
EventID
USE CASE:
Scanning
USE CASE: Log into
disabled accounts
USE CASE: C2/
Configuration
Changes
USE CASE: PowerShell
download and execution
•
•
••
•
•
•
• HTTPS://WWW.SPLUNK.COM/BLOG/2017/08/07/PEEPING-THROUGH-WINDOWS-LOGS.HTML
•
•
• HTTPS://WWW.SPLUNK.COM/BLOG/2017/07/06/HUNTI
NG-WITH-SPLUNK-THE-BASICS.HTML
•
•
• HTTPS://WWW.SPLUNK.COM/BLOG/2017/11/0
3/YOU-CAN-T-HYDE-FROM-DR-LEVENSHTEIN-
WHEN-YOU-USE-URL-TOOLBOX.HTML
•
•
•
•
• HTTPS://WWW.SECUREWORKS.COM/RESEARCH/SAKULA-MALWARE-FAMILY
•
• HTTPS://WWW.SPLUNK.COM/BLOG/2018/03/20/HUNTIN
G-YOUR-DNS-DRAGONS.HTML
•
•
• HTTPS://WWW.SPLUNK.COM/BLOG/2018/03/20/H
UNTING-YOUR-DNS-DRAGONS.HTML
•
•
•
Recommended
![Deep Learning Face Attributes in the Wild › papers › faceattributes_supp.pdfes (FaceTracer [1], PANDA-w [1] and PANDA-l [1]) by 8, 10 and 3 percent on average, respectively. It](https://img.pdfslide.us/doc/110x75/5f16e93c5f4d5201103e7179/deep-learning-face-attributes-in-the-wild-a-papers-a-faceattributessupppdf.jpg)
