Leveraging Cisco Security APIs for Threat Hunting Based on Automated Alerting and Intel-Driven Detections (PDF, 61 pages)
DEVNET-3098
Leveraging Cisco Security APIs for Threat Hunting Based on Automated Alerting and Intel-Driven Detections
Oxana Sannikova, Security Programmability Lead, GSAT
#CiscoLive
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App

Questions? Use the Cisco Webex App to chat with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.
https:/

A little bit about me

Work: Global Security Architecture Team; 15 years at Cisco, 19 years in the security industry
Past exp.: Perl, PHP, network monitoring automation
Current coding exp.: Python, JavaScript
Automation tools: SecureX orchestration
Life: 7 years in Canada
Hobby: urban sketching

Agenda

- Threat Hunting Maturity
- Automation use cases:
  - Make threat intelligence actionable
  - Detection and alerting
  - Forensics gathering
- Takeaways
- Resources

Threat Hunting Maturity

Challenges: Lack of Internet-wide Threat Visibility, Alert Priority, Effective Intel Use, Limited Resources

- Identify where attackers stage attacks
- How domains, IPs, ASNs, and malware are connected
- Flood of alerts daily
- Difficult to prioritize investigations
- Difficult to identify