Detection Engineering Training

In this video, we will use Gravwell to pivot on several indicators contained in an intelligence report to discover the underlying TTPs that threat actors used within our environment. We will then distill those TTPs into detection logic that can be rendered back into Gravwell as deployable detections, which can be controlled and customized with no-code "Flows".

The purpose of this video is to showcase Gravwell's search capabilities; specifically, we aim to develop queries that allow us to discover threat actor activity on a proactive basis.

In support of this goal, we will not focus expressly on query logic but rather on the findings surfaced by those queries. We will then transition to the Automation "Flows" functionality to show how a query can be translated into an automated notification.
