BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//SP8DMH
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-SP8DMH@cfp.nsec.io
DTSTART;TZID=EST:20260514T133000
DTEND;TZID=EST:20260514T163000
DESCRIPTION:AI agents represent a fundamental shift for security practition
 ers. They can automate tedious workflows\, act as a co-pilot while you bui
 ld custom tooling that was previously out of reach\, and - when integrated
  into a well-designed system - serve as an intelligent analyst alongside y
 ou.\n\nThis workshop shows you all three. You'll learn to direct AI agents
  effectively\, then apply those skills to customize and use a complete thr
 eat hunting system that combines deterministic processing with AI-assisted
  analysis.\n\n\nWhat You'll Build\nA working threat hunting pipeline:\n\n 
  - Endpoint telemetry via Sysmon - process creation\, network connections\
 , file operations\n  - Network telemetry via Zeek - connection logs\, DNS 
 queries\, HTTP traffic\n  - A deterministic receptor that harmonizes both 
 sources\, correlates events using four-tuple matching\, and ranks suspicio
 us activity using DuckDB\n  - Agent integration where an agent assists wit
 h investigation\, pattern analysis\, and detection refinement\n\nThe deter
 ministic layer does the heavy lifting. The agent provides contextual analy
 sis on what surfaces. You make the final call.\n\nWhat You'll Learn\nBeyon
 d the system itself\, you'll learn the practices that make agent collabora
 tion effective:\n  - Structuring projects so agents understand your enviro
 nment\, optimize outputs\, and retain "memory"\n  - Integrating systems th
 at ensure you not only become effective at delivering results\, but ensure
  you continue learning while working with agents ("anti-brainrot systems")
 \n  - Context management + intuition - learn how to optimize your interact
 ion with agents\n  - Learn how to extend agent capabilities\, when MCPs ar
 e the right call\, when they are not\n  - Agentic coding best practices - 
 staying on top of what's being built\, not outsourcing your thinking\n  - 
 Building reusable skills for repeatable security workflows\n  - Hooks and 
 guardrails for safe\, automated agent operation\n\nWho Should Attend\nThre
 at hunters\, detection engineers\, SOC analysts\, and security practitione
 rs who want to integrate AI agents into their workflow - whether for build
 ing tools\, automating analysis\, or hunting threats.\n\nRequirements\n  -
  Laptop with terminal access\n  - Model access - I will be using Claude C
 ode\, but the course is agnostic - you can use any model to provide infere
 nce.
DTSTAMP:20260507T211737Z
LOCATION:Workshop 1
SUMMARY:Agentic AI for Threat Hunting - Faan Rossouw
URL:https://cfp.nsec.io/2026/talk/SP8DMH/
END:VEVENT
END:VCALENDAR
