Can threat intelligence feeds be used to fully automate defensive or preventative action? Based on our research in late 2016, there was still too much "junk data" in circulation to fully automate without additional assistance.
With a goal of creating significant barriers for an attacker while limiting impact to everyday business users, we experimented with using virtual desktop infrastructure to reset workstations to known good states on a frequent time scale.
A quick visual "thumbnail" snapshot of a network packet capture (PCAP file) from the perspective of a single host/device, generating thumbnails of four distinct properties.
Vent is a lightweight tool, built on a plugin system, that lets you easily leverage Docker containers by building customizable and repeatable pipelines for collection and analysis in minutes.