SN50: APT Episode 1: Rise of the Bots

Document created by jmerrill on Sep 10, 2010
Version 1

Duc Ha, Senior Security Solutions Engineer, ArcSight; Rishi Divate, Senior Security Solutions Engineer, ArcSight
Level: Intermediate
Learn to develop creative ArcSight ESM content to detect and track bot activities. Specifically, we will look at constructing ArcSight ESM resources based on different bot communication methods, using real-life examples such as Kraken, Conficker and Zotob. Finally, we will examine how to leverage advanced tools such as pattern discovery to detect bot patterns and ArcSight TRM to provide automated response action in case of an incident.