Comments on Windows Incident Response: What's Up?
(comment feed last updated 2024-03-19T07:46:20.437-05:00)

43nsicbot (https://www.blogger.com/profile/10129306415286340173), 2014-04-11T16:42:31.692-05:00:

Do you think big data tools (ELSA, Splunk, Hadoop) can help with profiling TTPs (behavior-wise)?

+1 for punbup.py. I use it in a batch script along with grep to go through chunks of bup files when needed. The syntax is pretty self-explanatory.

Looking forward to your book! Would it sound cheesy if I asked if you sign copies?

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2014-04-12T06:11:30.443-05:00:

> Do you think big data tools (ELSA, Splunk, Hadoop) can help with profiling TTPs (behavior-wise)?

I have no idea... it would really depend upon how they're used, honestly. I mean, if whatever the setup is isn't being populated with something that would allow profiling TTPs, I would say, "no".

> Would it sound cheesy if I asked if you sign copies?

Not at all.