Free Workshop: Threat Detection and Hunting with PurpleLabs #1

- By Leszek Miś

This is the recorded session I delivered during a Hack In The Box SecTrain 2021 Free Workshop.
If you want to get into threat hunting and learn how to obtain the network and OS visibility/telemetry needed for advanced detection and threat hunting with open source and free tools, this session is for you.

This is an introduction to PurpleLABS, the Cyber Range playground. I demonstrate chained detection capabilities and the power of:

  • HELK + ElastAlert
  • Sigma rules
  • Sysmon + Windows Events
  • Splunk
  • ElastiFlow
  • Moloch FPC
  • Suricata IDS
  • Zeek IDS
  • Wazuh
  • Velociraptor
  • OSquery
  • Graylog
  • Falco
  • Syslog

Watch it here: