Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Register to Watch
Plus, we'll send you relevant content.
The HELK project offers another approach for advanced cyber-hunting analytics, focusing on the importance of data documentation, quality, and modeling when developing analytics and making sense of disparate data sources inside the contested environment. Using the ELK Stack as a base and integrating it with other technologies such as Apache Spark and Jupyter allows security analysts to create and deploy interactive hunting playbooks while exposing extra advanced capabilities on the top of the ELK Stack.
Adversary Detection Researcher, SpectorOps
Roberto Rodriquez is a Senior Threat Hunter at SpecterOps where he specializes in the development of analytics to detect advanced adversaries techniques. His experience performing incident response and threat hunting engagements, in various industries, has encouraged him to help organizations improve their security posture and share his knowledge with the information security community. He is also the author of several open source projects, such as the Threat Hunter Playbook and HELK, to aid the community development of techniques and tooling for hunting campaigns. He currently maintains his blog at https://cyberwardog.blogspot.com.