Many organizations struggle to keep track of the flood of information about threat actor groups, malware, and security vulnerabilities released each day. Although many people understand the importance of keeping up to date with this information, it often becomes a lower priority than other defensive security operations functions.
This talk will cover how to take various forms of cyber threat intelligence and operationalize that information into behaviors that can drive actual detections relevant to the organization. We will walk through the process of identifying those behaviors, creating detections for them, and testing those detections using open source tools.