Software Engineering Institute

There are multiple tools available that will build infrastructure for you, then, simulate attacks on the newly built infrastructure. Your job as an analysts is to leverage this data to test your detections and defenses. What if there were a simpler way? What if you could simply generate log events with specific characteristics, then ingest the data into your analytic tool of choice? In this talk we will go over a python framework to simplify data generation simulating specific attacks and attack chains without the need for infrastructure.

Attendees will learn how to leverage an open source tool to generate synthetic attack events allowing them to easily generate adversarial activity without the need to build infrastructure.

Marcus has been in the security field longer than he'd like to admit. Most of his experience before joining Splunk as a Security Strategist has been supporting various government agencies. He has done everything from leading SOCs, to building threat hunting teams, to research and development. As an avid open source enthusiast, he has contributed to several projects as well as the lead maintainer on many more. When not modifying his .vimrc or .tmux.conf files, he enjoys family time, hiking, mentoring, and craft beer.