Staff
Since 11-16-2022

My Stats

  • 244 Posts
  • 48 Solutions
  • 11 Likes given
  • 216 Likes received

jstoner's Bio

I provide security domain expertise on security operations, threat hunting, detection engineering and response. Additionally, I blog about security operations and threat hunting, currently through the New to Chronicle series on https://chronicle.security/blogs. Part of my time is spent creating and developing workshops intended to provide practitioners the opportunity to broaden their skills within SecOps. I also speak at industry symposia including BSides Vegas and SF; DefCon Packet Hacking Village; FIRST and FIRST Technical Colloquium Amsterdam; SANS THIR, DFIR, Cloud Security Summit and SIEM Summit; Way West Hacking Fest, WiCyS, AISA, Splunk .conf and Google Cloud NEXT. Prior to coming to Google, I was at Splunk and before that ArcSight. I was an APT scenario creator for a Blue Team CTF and can be found on Threads, Bluesky and Mastodon (Infosec Exchange) with the same handle as on X/Twitter; I just haven't found a permanent home yet.

Recent Activity

We've talked about counting substrings previously but suppose we want to count the number of characters in a string. Perhaps we want to analyze the length of a user agent or a command line and inspect excessively long (or short) values. Let's take a ...
This installment of New to Google SecOps will look at a few functions that make it simpler to work with URLs and other fields where hostnames and domains may be lurking. Oftentimes, we are provided with a field that starts with http:// or a username ...
Sometimes we find that we have values in our fields that we just want to count. For instance, perhaps we have a bunch of commands anded together and we want to figure out how many of them there are. Let's take a look at the strings.count_substrings f...
We've got more statistical functions for you today! Let's take a look at the functions window.variance and window.stddev; both of which can be used with rules and searches in Google SecOps! Variance, or mean square difference, is calculated by findin...
Timestamps are crucial in security operations; we need them to aggregate data, build detections and focus searches. When we start presenting results to analysts and leadership, we need the ability to represent timestamps in a way that is meaningful t...