nightHawkResponse 2.0: Open source forensics rebirthed
Presenter: Daniel Eden
Format: 45 mins
Location: The Amphitheatre
Breaking into a network leaves a lot of artefacts. Periodically sweeping your endpoints and storing that data can be invaluable. Can you tell what's different between today, yesterday and last week? Can you scope your investigation in a matter of minutes and begin triaging? nightHawk Response can.
nightHawk Response is an open source platform we developed using Elastic as the search engine, Redline/HX/MIR audits as the data source and Go as the parsing engine. It was thought up over a Saturday morning coffee when we realised there was no tool to help our fellow analysts perform incident response triage and hunting at scale.
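The question the abstract poses, what changed between sweeps, comes down to diffing parsed audits. The following is an added example, not nightHawk's own code: it parses two constructed, simplified Redline-style process audits in Go and reports which path-and-hash pairs appeared or disappeared. The XML layout, element names, paths and hashes are assumptions made for illustration.

```go
package main

import (
	"encoding/xml"
	"sort"
)

// Simplified stand-ins for an audit's process records (constructed here; not the real schema).
type ProcessItem struct {
	Path string `xml:"path"`
	Md5  string `xml:"Md5sum"`
}
type Audit struct {
	Items []ProcessItem `xml:"ProcessItem"`
}
// Two constructed sweeps of one host, a day apart: explorer.exe changed hash
// and an unfamiliar binary appeared under C:\Users\Public.
const YesterdayXML = `<itemList>
<ProcessItem><path>C:\Windows\System32\svchost.exe</path><Md5sum>aaaa</Md5sum></ProcessItem>
<ProcessItem><path>C:\Windows\explorer.exe</path><Md5sum>bbbb</Md5sum></ProcessItem></itemList>`
const TodayXML = `<itemList>
<ProcessItem><path>C:\Windows\System32\svchost.exe</path><Md5sum>aaaa</Md5sum></ProcessItem>
<ProcessItem><path>C:\Windows\explorer.exe</path><Md5sum>dddd</Md5sum></ProcessItem>
<ProcessItem><path>C:\Users\Public\updater.exe</path><Md5sum>cccc</Md5sum></ProcessItem></itemList>`
// DiffAudits parses an older and a newer sweep and returns the "path|md5" keys seen
// only in the newer one (added) and only in the older one (removed), sorted for stable
// output. Keying on path plus hash makes a binary replaced in place show as remove+add.
func DiffAudits(oldDoc, newDoc string) (added, removed []string, err error) {
	seen := map[string]int{} // bit 1: in old sweep, bit 2: in new sweep
	for i, doc := range []string{oldDoc, newDoc} {
		var a Audit
		if err = xml.Unmarshal([]byte(doc), &a); err != nil {
			return nil, nil, err
		}
		for _, p := range a.Items {
			seen[p.Path+"|"+p.Md5] |= 1 << i
		}
	}
	for k, bits := range seen {
		switch bits {
		case 1:
			removed = append(removed, k)
		case 2:
			added = append(added, k)
		}
	}
	sort.Strings(added)
	sort.Strings(removed)
	return added, removed, nil
}
```

Indexing the same "path|md5" keys per sweep in Elastic is what lets the comparison run across a whole fleet rather than one host at a time.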
This is version 2.0: it has been stripped back, dejunkafied and optimised. New features, including Docker and cloud deployment, will make it easier for you to get it up and running in minutes. Our integration has taken a new direction: we have included a "technology add-on", a nightHawk Kibana plugin, which abstracts away our old UI to give the user closer integration with the underlying search functionality.