3 months ago

And the winner is...

Rule Your Network Winners!

It is with great pleasure that we announce the winners of LogRhythm's Rule Your Network contest.  We received numerous entries and our judges invested many hours into evaluating each and every one.  Per the official rules, our judging team:

  1. Determined if the entry was complete, eligible, and followed the rules. We also assigned the entries to the proper contest categories.
  2. Scored the entry on real world relevance in the target category. Relevance counted for 45% of the total score.
  3. Scored the entry on technical merit, including testing out the solution. Technical merit counted for 35% of…

3 months ago

Rule Your Network Contest is now over

Thank you to everyone who registered, downloaded NetMon Freemium and especially those that submitted entries to the contest.  Although submissions are closed and judging will begin soon, we'd love to continue the NetMon conversation over on community.logrhythm.com. If you have follow up ideas, questions or just want to submit the work that maybe wasn't quite contest ready, head over to the forums and our team will be happy to answer questions, review the work and support your network security and network operations use cases!

Thank you again and happy hunting!

Questions?

We're here to help. If you have any…


4 months ago

Only 1 day left! Enter now!

There's only one day left in the contest. Please wrap up your entry and get it submitted! Remember, we can't judge content we don't receive. See this update for instructions on how to submit. We've seen some great entries, but there's plenty of opportunity for you to win a $5,000 first prize or a $1,000 second prize in each of the three categories.

Questions?

We're here to help. If you have any questions about the hackathon, post on the discussion forum or email support@devpost.com and we'll respond as soon as we can.


4 months ago

Are you ready to submit your entry?

Ready to Submit?

So you have finished writing your amazing DPA rule or hyper useful dashboard and are ready to win $5,000. What do you do next?  Remember you can't win unless you follow the rules for entry!

The spirit of the entry is that we, the judges, need to know three things:

  1. What are you submitting?
  2. What does it do?
  3. How do we prove that your entry works as you describe?

Although we have nicely official rules and plan on sticking to them, try to help us answer those questions with your entry! 

What Do You Need?

Per the…


4 months ago

Three Weeks Left. Need Help or Ideas? Ask the Experts Session!

There are a little more than 3 weeks left in the contest!

Are you working on your entry?  Do you have questions about NetMon?  Want to talk to an expert? 

I'll be hosting an "Ask the Experts" session on Friday 8/11 from 10 - 11 am Mountain Standard Time.  If you'd like to join me and some of the NetMon development team, we'd be happy to help you with DPA syntax, talk through entry ideas, or simply show off some of the things you can do with NetMon!

If you are still looking for ideas, how about writing rules and…


5 months ago

New samples -- Analyzing ICMP with NetMon

If you came to Black Hat 2017 or follow LogRhythm's Blog, you may have noticed two new posts showing how to use Network Monitor DPA rules for a deep dive into ICMP. 

The first blog shows how to classify the type and code of ICMP traffic. Maybe you could start with this rule and make an interesting hunting or IT Operations dashboard. What would make ICMP traffic suspicious or interesting?  Got a system that is over-pinging?  How about all those timeouts?

The second blog is a great example of a novel threat detection entry. In the blog, we look at…


5 months ago

Black Hat 2017!

Are you headed to Las Vegas for Black Hat 2017?  If you are, stop by the LogRhythm Booth (#600).  Rob McGovern will be there giving demos of Network Monitor.  He will also be happy to talk to you about the contest, walk through possible ideas and generally chat about DPA Rules, Dashboards and Network Monitor.  If you are a LogRhythm customer, then definitely stop by!  We have a gift for our customers that will provide a nice distraction when you get stuck on your Rule Your Network entry.

Questions?

We're here to help. If you have any questions…


6 months ago

Petya got you down? Looking for more data from a Packet?

A few weeks ago, we showed how to use NetMon to look for EternalBlue and WannaCry in a LogRhythm Blog post.  You may also want to see the latest on Petya/NotPetya, including some ways to detect signatures with NetMon.

From a contest perspective, you may be most interested in an ongoing blog series showing how to look at individual bytes in a packet!  The first part in the series describes the raw DPA code you need to extract bytes out of a packet. Other parts in the series will appear over the next few weeks showing how to…


6 months ago

Upgrade your NetMon to 3.4.2

We're happy to announce the release of NetMon 3.4.2.  If you are working on an entry, or plan to work on an entry, we recommend you upgrade your NetMon to 3.4.2. 

Why Upgrade?

  • The DPA editor has been improved. You'll have a much easier time writing and editing rules in 3.4.2
  • We've fixed a bug with DNS. The DNS flags field is now a correct integer representation of the binary flags.
  • If you haven't installed NetMon yet, and you plan to install it on a virtual platform, you'll have a much easier time getting it setup. We now recognize a…


6 months ago

Need ideas to get started?

Need Ideas?

Here at LogRhythm, we're full of ideas for what we want to do with Network Monitor. If you are enjoying working with Network Monitor and want some inspiration for the contest, consider tackling one of the following challenges:

Novel Threat Detection

We recently released some simple query rules to look for the EternalBlue exploit vector. What else is out there?  We expect this category to require diving into the metadata that we extract for each protocol and lifting out highly specific behaviors.

  • Can you pick out Gh0st or Loki or BBSRat? They are all well-known protocols at this…


7 months ago

Getting Started!

Welcome to the Rule Your Network contest!  To help you get started, here are some useful links:

  1. Download Network Monitor Freemium - https://logrhythm.com/network-monitor-freemium/
  2. Join the Network Monitor community for training videos, sample DPA rules, or to ask questions in our forums - https://community.logrhythm.com
  3. Read a SANS white paper on Network Monitor - https://www.sans.org/reading-room/whitepapers/detection/packets-lie-logrythm-netmon-freemium-review-37517 
  4. Or watch a recorded webinar and demo based on the SANS whitepaper - https://www.youtube.com/watch?v=KcNJgfeRjIo 

Keep an eye on the Updates tab for more resources and possible submission ideas.  We'll also be hosting some "office hours" sessions in Discussions as the contest progresses. 

Thank you for your…
