Post-SuriCon Webinar: Honeytoken IDS rules and ET INFO Rules for Anomaly Detection

Our first webinar of 2025 is on the horizon!

On January 9th at 3 PM UTC, Tony Robinson from Proofpoint will be presenting what was originally his SuriCon 2024 talk - and we’re happy he could adapt it to a webinar format.

Tony will be focusing on ways to spot anomalous activity for threats that may or may not have specific signatures.

First, he will present the value the ET INFO rule category can provide in spotting some of this anomalous activity. He’ll discuss which rules provide value in spotting unusual activity, and how attendees can customize the ET INFO rule category to better suit their needs.

The second part will show how to use system-specific artifacts to create IDS rules that detect exfiltration of this data as a sign of anomalous activity. He’ll also discuss using CyberChef to transform and encode this data in various ways, in order to create rules that detect the obfuscation methods attackers use when exfiltrating this information.

If there is time, Tony will talk about the collaboration he has done with the maintainers of the SecureWorks Dalton project that might make development of rules like this much easier.

Save the date:
January 9
3 PM UTC

Register to attend via Zoom: Webinar Registration - Zoom
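
The encoding step described in the second part (taking an artifact, transforming it the way CyberChef would, and writing one rule per form) can also be scripted. The following is an added example, not part of the original announcement or of Tony's talk; the honeytoken value, the `msg` text, the rule header variables and the sids (taken from the local-use range starting at 1000000) are assumptions.

```python
import base64
import binascii
from urllib.parse import quote

# Constructed honeytoken (assumption): a fake credential planted as a decoy.
HONEYTOKEN = b"svc_backup:Hx7-honey-2f9c1e"

def suricata_content(data: bytes) -> str:
    """Render bytes for a content keyword, hex-escaping reserved bytes."""
    return "".join(
        f"|{b:02X}|" if chr(b) in '";:\\|' or not 0x20 <= b <= 0x7E else chr(b)
        for b in data)

def base64_variants(data: bytes) -> list[str]:
    """Base64 substrings that stay constant at each of the 3 byte alignments."""
    variants = []
    for shift, lead in enumerate((0, 2, 3)):
        enc = base64.b64encode(b"\x00" * shift + data).decode().rstrip("=")
        if (shift + len(data)) % 3:
            enc = enc[:-1]          # last char also depends on following bytes
        variants.append(enc[lead:])  # leading chars depend on preceding bytes
    return variants

def build_rules(token: bytes, first_sid: int = 1000001) -> list[str]:
    """One rule per encoding; sids come from the local-use range."""
    patterns = [("plaintext", token, False)]
    patterns += [(f"base64 alignment {i}", v.encode(), False)
                 for i, v in enumerate(base64_variants(token))]
    patterns.append(("hex", binascii.hexlify(token), True))
    patterns.append(("URL-encoded", quote(token, safe="").encode(), True))
    rules = []
    for n, (label, pattern, nocase) in enumerate(patterns):
        rules.append(
            "alert tcp $HOME_NET any -> $EXTERNAL_NET any "
            f'(msg:"LOCAL Honeytoken seen outbound ({label})"; '
            "flow:established,to_server; "
            f'content:"{suricata_content(pattern)}"; '
            + ("nocase; " if nocase else "")
            + f"classtype:policy-violation; sid:{first_sid + n}; rev:1;)")
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(HONEYTOKEN)))
```

Three Base64 rules are needed because the encoded form of the token changes with its byte offset inside the surrounding data; each variant keeps only the characters that depend solely on the token.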