4 days ago

Are you ready to submit your entry?

Ready to Submit?

So you have finished writing your amazing DPA rule or hyper useful dashboard and are ready to win $5,000. What do you do next?  Remember you can't win unless you follow the rules for entry!

The spirit of the entry is that we, the judges, need to know three things:

  1. What are you submitting?
  2. What does it do?
  3. How do we prove that your entry works as you describe?

Although we have nicely official rules and plan on sticking to them, try to help us answer those questions with your entry! 

What Do You Need?

Per the…


13 days ago

Three Weeks Left. Need Help or Ideas? Ask the Experts Session!

There are a little more than 3 weeks left in the contest!

Are you working on your entry?  Do you have questions about NetMon?  Want to talk to an expert? 

I'll be hosting an "Ask the Experts" session on Friday 8/11 from 10 - 11 am Mountain Standard Time.  If you'd like to join me and some of the NetMon development team, we'd be happy to help you with DPA syntax, talk through entry ideas, or simply show off some of the things you can do with NetMon!

If you are still looking for ideas, how about writing rules and…


20 days ago

New samples -- Analyzing ICMP with NetMon

If you came to Black Hat 2017 or follow LogRhythm's Blog, you may have noticed two new posts showing how to use Network Monitor DPA rules for a deep dive into ICMP. 

The first blog shows how to classify the type and code of ICMP traffic. Maybe you could start with this rule and make an interesting hunting or IT Operations dashboard. What would make ICMP traffic suspicious or interesting?  Got a system that is over-pinging?  How about all those timeouts?

The second blog is a great example of a novel threat detection entry. In the blog, we look at…


27 days ago

Black Hat 2017!

Are you headed to Las Vegas for Black Hat 2017?  If you are, stop by the LogRhythm Booth (#600).  Rob McGovern will be there giving demos of Network Monitor.  He will also be happy to talk to you about the contest, walk through possible ideas and generally chat about DPA Rules, Dashboards and Network Monitor.  If you are a LogRhythm customer, then definitely stop by!  We have a gift for our customers that will provide a nice distraction when you get stuck on your Rule Your Network entry.

We're here to help. If you have any questions…


about 2 months ago

Petya got you down? Looking for more data from a Packet?

A few weeks ago, we showed how to use NetMon to look for EternalBlue and WannaCry in a LogRhythm Blog post.  You may also want to see the latest on Petya/NotPetya, including some ways to detect signatures with NetMon.

From a contest perspective, you may be most interested in an ongoing blog series showing how to look at individual bytes in a packet!  The first part in the series describes the raw DPA code you need to extract bytes out of a packet. Other parts in the series will appear over the next few weeks showing how to…


about 2 months ago

Upgrade your NetMon to 3.4.2

We're happy to announce the release of NetMon 3.4.2.  If you are working on an entry, or plan to work on an entry, we recommend you upgrade your NetMon to 3.4.2. 

Why Upgrade?

  • The DPA editor has been improved. You'll have a much easier time writing and editing rules in 3.4.2
  • We've fixed a bug with DNS. The DNS flags field is now a correct integer representation of the binary flags.
  • If you haven't installed NetMon yet, and you plan to install it on a virtual platform, you'll have a much easier time getting it setup. We now recognize a…


2 months ago

Need ideas to get started?

Need Ideas?

Here at LogRhythm, we're full of ideas for what we want to do with Network Monitor. If you are enjoying working with Network Monitor and want some inspiration for the contest, consider tackling one of the following challenges:

Novel Threat Detection

We recently released some simple query rules to look for the EternalBlue exploit vector. What else is out there?  We expect this category to require diving into the metadata that we extract for each protocol and lifting out highly specific behaviors.

  • Can you pick out Gh0st or Loki or BBSRat? They are all well-known protocols at this…


3 months ago

Getting Started!

Welcome to the Rule Your Network contest!  To help you get started, here are some useful links:

  1. Download Network Monitor Freemium - https://logrhythm.com/network-monitor-freemium/
  2. Join the Network Monitor community for training videos, sample DPA rules, or to ask questions in our forums - https://community.logrhythm.com
  3. Read a SANS white paper on Network Monitor - https://www.sans.org/reading-room/whitepapers/detection/packets-lie-logrythm-netmon-freemium-review-37517 
  4. Or watch a recorded webinar and demo based on the SANS whitepaper - https://www.youtube.com/watch?v=KcNJgfeRjIo 

Keep an eye on the Updates tab for more resources and possible submission ideas.  We'll also be hosting some "office hours" sessions in Discussions as the contest progresses. 

Thank you for your…
