CK is currently a senior researcher at CyCraft. He has given technical presentations at security conferences such as Black Hat, HITCON, HITB, ROOTCON, CODE BLUE, FIRST and VXCON. An active member of the Taiwan security community, he is the chairman of the HITCON review committee and of CHROOT, the top private hacker group in Taiwan.
Security incidents, and the false-positive alerts generated by SIEM solutions, have grown considerably over the last decade. In this talk, we take a deep dive into the technical aspects of designing and building an effective AI-driven threat hunting system from the ground up. Automated threat hunting systems such as our Fuchikoma alleviate alert fatigue by automating the investigation process and alert triage and by auto-generating attack storylines. This lets SOC analysts rapidly identify and focus on the more severe incidents and their root cause, with auto-enriched contextual information for each step of the attack, and ultimately move on to eradication and remediation. Each step of the design process behind Fuchikoma’s automated ML-driven threat hunting system will be broken down and explained in detail.