Ecosystem of Insights: Building Operation Dashboards That Enable Teams

Video Link: https://www.youtube.com/watch?v=Wjjp870x0CQ



Duration: 30:46


SANS Blue Team Summit 2023
Speaker: Ryan Thompson, Senior Researcher, CrowdStrike

So you've bought a next-generation SIEM and have done the heavy lifting of ingesting and parsing disparate data from a dozen sources. What happens next? Making use of this new platform requires analysts to become experts in the search syntax, log format, and parsing structure across multiple log types. Scaling this skill set out across an entire SOC is difficult, if not impossible. Building operational dashboards lowers the barrier for a SOC to get answers from a dataset. It's simply not enough to throw a handful of widgets onto a "single pane of glass" and call it a day. Building functional dashboards relies on combining the disciplines of data analysis and user experience. When built right, dashboards can do more than simply visualize data: they can enable an entire team or organization to quickly ask questions of data without needing to be an expert with the platform.

View upcoming Summits: http://www.sans.org/u/DuS






