Learn how Booking.com turned their security challenges into a winning incident response workflow.
Beyond manual forensics: Booking.com’s approach to orchestrating incident response
Originally hosted on
Speakers
Hannah Roy
Product Marketing Manager, Tines
Ahmad Aziz
Security Engineer II, Booking.com
Browser history can play a critical role in incident response, from helping analysts reconstruct user activity and validating alerts, to uncovering malicious behavior. But retrieving raw artifacts from endpoints is often slow, manual, and inconsistent.
In this technical session, Ahmad Aziz, Security Engineer II at Booking.com, will share his winning entry from the 2024 “You Did WHAT?! With Tines” (YDWWT) competition: a fully automated workflow that pulls raw browser history artifacts from devices using CrowdStrike and prepares them for offline forensic analysis.
You’ll get a behind-the-scenes look at:
- The limitations that led Ahmad to build this workflow
- How the workflow uses CrowdStrike APIs to extract browser history artifacts
- How Ahmad uses the output to help his investigation
- Tips for adapting this workflow in your own environment
Tune in to discover how you can turn real-world security challenges into creative stories (and maybe even be inspired to submit your own story to the next round of YDWWT!).
Missed this webinar?
Sign up to our newsletter to get notified of our future webinars, events and more.
By filling out this form you agree to the terms and conditions in our privacy notice.