You’ve found an alert, or done some threat hunting and found something more than a little odd; now, how do you get the people who need to know to care about what you’ve found, and to understand it?
This talk aims to provide tips and suggestions on how to approach communicating investigation notes from SOC/IR/Threat Intel work in a way that makes it clear to stakeholders not only what they need to care about, but also /why/ they need to care, and that shows them the evidence in a way that doesn’t dumbfound them with data or send them to sleep with raw dumps of syslog. It is aimed at all levels of a security career, from student to seasoned professional.
- BLUF == Bottom Line Up Front