APRIL 30, 12:00-2:00 PM - ROOM 22470 

Workshop: Purple Teaming with Detection-As-Code for Modern SIEM - Ken Westin

This hands-on workshop will demonstrate how to use Purple team techniques to develop hypotheses for new detections and strengthen their defenses against future attacks.

Our approach: We will use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections & manage them using detection-as-code principles to eliminate noise and false positives.

Who should attend?

This hands-on virtual workshop is perfect for detection & security engineers who are expected to develop and write detections to support new log sources, threat models, and vulnerabilities that are exploited in the wild