Are You the Ruler of Your Network? Find New Ways to Use Network Monitor and Win!

Firewalls, intrusion detection, anti-malware and endpoint protection all do a great job of looking at a particular system or service or point in time.

But what happens “in between?” Unless you capture and analyze the network traffic, you have no visibility into the “between spaces” where compromise, lateral movement and exfiltration actually occur.

LogRhythm’s Network Monitor Freemium is a free solution designed to help with threat detection and incident response. Our goal is to help identify and analyze threats faster so that organizations can respond to incidents with real evidence when time matters the most.

And now you can help contribute to how people use Network Monitor!

We're giving away over $18,000 USD in cash and prizes in three categories:

Novel Threat Detection ($5,000)

The cyber-world is full of malicious traffic. Using your Network Monitor Freemium (or enterprise version) and any of the tools at your disposal (Deep Packet Analytics (DPA), PCAP Replay, Dashboards, Query Rules), can you isolate and validate a unique or interesting network threat?

Best Security Hunting Dashboard or Use Case ($5,000)

One thing we know from many of the largest public breaches is that the evidence of the hack is there if you know where to look. Using your Network Monitor Freemium (or enterprise version) and any of the tools at your disposal (DPA, PCAP Replay, Dashboards, Query Rules), can you create a dashboard or use case that gives a security analyst the best possible chance to see the critical piece of evidence?

Best IT Operations Use Case ($5,000)

The line between security needs and operational IT needs continues to blur. The business user doesn't care whether a service is down because of a DDoS attack or down because of a blown network card. Using your Network Monitor Freemium (or enterprise version) and any of the tools at your disposal (DPA, PCAP Replay, Dashboards, Query Rules), can you create a dashboard or use case that leverages network data to solve an IT Operations need?

Eligibility

This challenge is open to:

  • Individuals, and teams of individuals, who are at least 18 years of age
  • Teams entering on behalf of Organizations
  • The competition welcomes submitters from most countries around the globe. However, individuals or organizations may be disqualified if they are based in a nation, state, province, or territory where U.S. or local law prohibits participating in the competition or receiving a prize. This includes individuals who are residents of, and organizations domiciled in, Brazil, Quebec, Cuba, Sudan, Iran, North Korea, Syria or any other country designated by the United States Treasury's Office of Foreign Assets Control (OFAC).

Employees of LogRhythm or Devpost, contractors currently under contract to work for LogRhythm or Devpost, and members of an employee's or contractor's immediate family and household are not eligible.

Requirements

A submission must have:

  • Readme explaining the purpose, functionality and steps to test the submission
  • One or more of: DPA rule(s), exported dashboard(s), query rule(s)
  • Sample data (PCAP files), screenshots, or video walkthrough of the working submission
  • Use of NetMon version 3.3.1 or higher
  • Open-source release under one of the following open source licenses: MIT License, BSD 2-Clause, or BSD 3-Clause

Participants can enter and win in more than one category, but each submission must be different.

Be sure to visit our Network Monitor Community to watch how-to videos and get more information on Network Monitor.

Looking for example ideas on what to submit?

Novel Threat Detection ($5,000)

  • Write a DPA rule to identify auto-generated domain names using a chaos algorithm.
  • Write a DPA rule to isolate suspicious tunneling activity through a low-level protocol such as ICMP.
  • Write a DPA rule to capture DNS spoofing attacks.

Best Security Hunting Dashboard or Use Case ($5,000)

  • Configure a dashboard to highlight beaconing traffic to multiple command and control servers.
  • Write a data enrichment DPA rule to flag IoT devices and configure a dashboard to monitor just traffic to/from your IoT devices.
  • Add additional filtering to the Destination Ports dashboard to flag high-risk traffic.

Best IT Operations Use Case ($5,000)

  • Create DPA rules and a dashboard to isolate, analyze and visualize traffic to/from a problem system.
  • Create DPA rules and a dashboard to view QoS data for VoIP.
  • Create DPA rules and a dashboard to look for bandwidth hogs by both application and computer.

How to enter

  1. Download the free version of our Network Monitor, NetMon Freemium (or use your enterprise version)
  2. Create NetMon rules or dashboards for any (or all!) of our three categories
  3. Zip all your required documents into a zip file
  4. Submit your entry via Devpost

Please see Official Rules for complete details.

Judges

Chris Brazdziunas
VP of Products / LogRhythm

Craig Cogdill
Software Engineer / LogRhythm

Greg Foss
Global Security Operations Manager / LogRhythm

Seth Goldhammer
Director of Product Management / LogRhythm

John Gress
Senior Software Engineer / LogRhythm

Kjell Hedstrom
Manager, Software Development / LogRhythm

Rob McGovern
Technical Product Manager / LogRhythm

Chris Petersen
CTO and SVP of Customer Care / LogRhythm

Nathaniel "Q" Quist
Threat Research Engineer / LogRhythm

Ryan Sommers
Threat Research Manager / LogRhythm

Judging Criteria

  • Relevance (45%)
    Is the solution relevant to a current challenge in the category?
  • Technical content (35%)
    Does the solution use NetMon capabilities in a technically correct and interesting fashion?
  • Novelty (20%)
    Does the solution take a unique approach or address a unique problem?