Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.
Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.
Questions asked:
00:00 Introduction
01:44 A word for our episode sponsor, Panoptica
02:39 A bit about Dave Johnson
03:33 What are Sigma Rules?
04:36 Where to get started with Sigma Rules?
05:27 Skills required to work with Sigma Rules
06:32 The four approaches Dave took to Sigma Rules
11:29 Are Sigma Rules complimentary to existing log systems?
12:18 Challenges Dave had during his research
14:09 Validating Sigma Rules
16:01 Working on Sigma Rule Projects
18:54 The Fun Section
Resources
Dave's Webpage: daveinthemiddle.com/
Sigma HQ GitHub:github.com/SigmaHQ/sigma
--------------------------------------------------------------------------------
📱Cloud Security Podcast Social Media📱
_____________________________________
🛜 Website: cloudsecuritypodcast.tv/
🧑🏾‍💻 Cloud Security Bootcamp - www.cloudsecuritybootcamp.com/
✉️ Cloud Security Newsletter - www.cloudsecuritynewsletter.com/
Twitter: / cloudsecpod
LinkedIn: / cloud-security-podcast
#cloudsecurity