PatrOwl - Orchestrating SecOps with an open-source SOAR platform
Information on this media
Number of views: 981 (this month: 1)
Creation date: July 3, 2019
Speakers: Nicolas MATTIOCCO
Company: GreenLock Advisory
License: CC BY-SA v4
Description
A company, regardless of its size and market power, may go out of business or lose a lot of value because of a security incident on its information system.
The number of vulnerabilities and the interest of cyber-attackers are only increasing. With the advent of the monetization of botnet cyber attacks or the installation of crypto-miners, for example, threats are becoming more varied and more intense, but less targeted. The vast majority of companies are digital and increasingly exposed on the Internet. The level of cyber exposure is also higher. The “Cyber” risk has become vital. Today, everything has changed, and tomorrow everything will change even faster. Where manual analysis was once sufficient, risk assessment paradigms are moving towards more automation. But we need intelligent automation.
The technological offer is not lacking, but after more than 10 years of experience, our observation is indisputable:
- The best tools are satisfactory for only part of their capabilities.
- It remains difficult to get realistic and continuous visibility into the risks borne by the assets an organization exposes.
- Business processes tend to adapt to the tools' capabilities, rather than the tools being used to support the organization's cyber surveillance strategy.
This automation strategy also tends to address the drastic lack of competent cyber security resources and the problem of talent retention. Automating recurrent, time-consuming and low-value-added tasks will allow teams to focus on more complex, and therefore more motivating, topics.
PatrOwl is an open-source solution for automating calls to commercial or open-source tools that perform checks. To date, around 40 tools or online services are supported. Beyond centralizing the results obtained (vulnerabilities, meta-data, asset states, …), the PatrOwl analysis engine compares these results with its knowledge base and other third-party services to determine attack scenarios (predictive analysis) or to trigger actions (alerting, program calls, …). Largely customizable, PatrOwl is suitable for supporting penetration testing, vulnerability audit and compliance, static source audit, threat research (CTI) and security incident response (SOC / DFIR) activities.
— Link to the slides of Paris Open-Source Summit 2018 talk: http://www.patrowl.io/docs/PatrOwl_-_OSSPARIS18_-_20181206.pdf
Speaker
Nicolas MATTIOCCO (GreenLock Advisory)
Bio
Nicolas MATTIOCCO is a French information security expert who has worked as a consultant for 10 years. He is currently an independent contractor in the CERT/CSIRT of a major financial institution and actively works on Red Team and SOAR activities. Nicolas also developed PatrOwl, an open-source and scalable platform for automating and orchestrating Security Operations such as Penetration testing, Vulnerability Assessment, Code review, Compliance, Cyber-Threat Intelligence / Hunting, and SOC and DFIR operations (see https://patrowl.io).