Hi Community!
The modern SOC is inundated with data. Finding truly evasive threats means we have to move beyond just matching rules and start finding behavioral outliers.
This new demo shows how Google SecOps brings massive compute resources to help you do just that, with built-in statistical functions and precomputed metrics.
This is a must-watch for threat hunters. See how Greg Kushmerek from the Google team:
- Runs on-the-fly multi-stage statistical queries (average, standard deviation) to find the largest deviations from normal network behavior.
- Uses precomputed "prevalence" metrics to find rare processes, IPs, and domains across your entire organization.
- Combines these concepts into a powerful rule to find likely C2 nodes by filtering for domains that are both rare and new.
- Applies the out-of-the-box UEBA library to find outliers in user authentication, network volume, and more.
- Uses these statistical detections as building blocks for higher-fidelity composite alerts.
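To make the building blocks above concrete, here is an added example in plain Python. It is not code from the demo, from Greg's walkthrough, or from Google SecOps; it reimplements the same logic over a constructed set of UDM-like records so the stages are visible: per-host daily totals, a mean/standard-deviation baseline and z-score, a prevalence count of distinct hosts per domain, the "rare AND new" domain filter, and a composite alert that requires both signals on the same host and day. The field names (host, day, domain, bytes_out), the sample values, and the choice to baseline on the days before the one under review are all assumptions made for the example.

```python
"""Statistical hunting building blocks over a constructed log sample.

Added example, not code from the demo or from Google SecOps. Reimplements:
  1. multi-stage volume baseline: per-host daily totals -> mean/stdev of
     the baseline days -> z-score of the day under review
  2. prevalence: number of distinct hosts that contacted each domain
  3. a "rare AND new" domain filter and a composite alert combining 1 and 3
Field names (host, day, domain, bytes_out) and all values are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev


def _rows(host, daily_bytes, domain):
    """One constructed record per day for a host talking to a single domain."""
    return [{"host": host, "day": day, "domain": domain, "bytes_out": b}
            for day, b in enumerate(daily_bytes, start=1)]


# Constructed sample: days 1-4 form the baseline window, day 5 is under review.
# ws02 is quiet for four days, then sends 90 KB to a domain nobody else uses.
EVENTS = (
    _rows("ws01", [10_000, 11_000, 9_500, 10_500, 10_000], "update.vendor.example")
    + [{"host": "ws01", "day": 2, "domain": "cdn.example", "bytes_out": 500}]
    + _rows("ws02", [8_000, 8_200, 7_900, 8_100], "update.vendor.example")
    + [{"host": "ws02", "day": 5, "domain": "x7q.rare.example", "bytes_out": 90_000}]
    + _rows("ws03", [12_000, 11_500, 12_500, 12_000, 11_800], "cdn.example")
)


def daily_totals(events):
    """Stage 1: aggregate bytes_out per (host, day)."""
    totals = defaultdict(int)
    for e in events:
        totals[(e["host"], e["day"])] += e["bytes_out"]
    return dict(totals)


def volume_outliers(events, eval_day, z_threshold=3.0, min_baseline_days=3):
    """Stages 2-3: baseline each host on the days before eval_day (mean and
    population stdev), then return (host, day, total, z) for hosts whose
    eval_day total is more than z_threshold standard deviations from normal.
    The day under review is excluded from its own baseline; with short
    histories a large spike would otherwise inflate the stdev and hide itself.
    """
    totals = daily_totals(events)
    history, current = defaultdict(list), {}
    for (host, day), total in totals.items():
        if day < eval_day:
            history[host].append(total)
        elif day == eval_day:
            current[host] = total
    outliers = []
    for host, total in sorted(current.items()):
        values = history.get(host, [])
        if len(values) < min_baseline_days:
            continue  # too little history to call anything an outlier
        mu, sigma = mean(values), pstdev(values)
        if sigma == 0:
            z = float("inf") if total != mu else 0.0  # flat baseline: any change is anomalous
        else:
            z = (total - mu) / sigma
        if abs(z) > z_threshold:
            outliers.append((host, eval_day, total, z))
    return outliers


def domain_prevalence(events):
    """Prevalence metric: number of distinct hosts that contacted each domain."""
    hosts = defaultdict(set)
    for e in events:
        hosts[e["domain"]].add(e["host"])
    return {domain: len(h) for domain, h in hosts.items()}


def domain_first_seen(events):
    """Earliest day on which each domain appears anywhere in the data set."""
    first = {}
    for e in events:
        first[e["domain"]] = min(first.get(e["domain"], e["day"]), e["day"])
    return first


def rare_and_new_domains(events, max_hosts=1, last_baseline_day=4):
    """Domains seen on at most max_hosts hosts AND first seen after the
    baseline window: the 'rare and new' candidate-C2 filter."""
    prevalence, first_seen = domain_prevalence(events), domain_first_seen(events)
    return sorted(d for d in prevalence
                  if prevalence[d] <= max_hosts and first_seen[d] > last_baseline_day)


def composite_alerts(events, eval_day, z_threshold=3.0):
    """Higher-fidelity composite: the host is a volume outlier on eval_day AND
    contacted a rare-and-new domain on that same day."""
    outlier_hosts = {h for h, _, _, _ in volume_outliers(events, eval_day, z_threshold)}
    suspicious = set(rare_and_new_domains(events, last_baseline_day=eval_day - 1))
    hits = {(e["host"], e["domain"]) for e in events
            if e["day"] == eval_day and e["host"] in outlier_hosts and e["domain"] in suspicious}
    return sorted(hits)


if __name__ == "__main__":
    print("volume outliers:", volume_outliers(EVENTS, eval_day=5))
    print("prevalence:", domain_prevalence(EVENTS))
    print("rare and new:", rare_and_new_domains(EVENTS))
    print("composite alerts:", composite_alerts(EVENTS, eval_day=5))
```

Run it as a script to see each stage's output. On the constructed sample, only ws02 on day 5 crosses the z-score threshold, only x7q.rare.example is both rare (one host) and new (first seen after the baseline window), and the composite alert fires for exactly that host-domain pair; run with eval_day=4 instead and nothing fires, which is the point of layering the two signals rather than alerting on either alone.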
What's your favorite statistical method for threat hunting (e.g., standard deviation, prevalence, baselining)? Share your techniques below!
