This talk will look at strategies to align Purple Teaming exercises to threat detection and incident response. Attendees will be shown techniques that afford Detection and Response personnel to identify adversary techniques through detection technology and how to respond with a combination of playbooks and remote evidence capture.
- How to construct a Purple Team exercise to include response actions such as evidence triage and analysis.
- Using Purple Teaming exercises as a way to not only test detection mechanisms but also execute IR plans and playbooks
- An introduction to the Rapid Response Drill concept that takes specific adversary TTPs and utilizes them in a Purple Team construct to drill actions detection and response personnel need to execute