Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM). Updated: November 2024.
@Chiheb Chebbi,
I hope the below test cases are helpful.
Test 1 - Recon: Password Spraying
Test 2 - Privilege Escalation (Windows): PowerShell Dropper Attacks
Test 3 - Lateral Movement: PsExec
Test 4 - Privilege Escalation (Linux): Failed Sudo
Test 5 - Malicious Code Execution: EICAR Malware Test File
Some examples
https://drertugrulakbas.medium...
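A defender-side check for Test 1, written for this page as an added example (it is not code from the post above or from any of the products named): a small SIEM-style correlation that reads constructed sshd failed-login lines and alerts only when one source IP fails against several distinct accounts inside a time window, which is what separates a spray from a single-account brute force. The sample log lines, the 4-account threshold and the 60-second window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (not from the post): one source fails logins for
# five different accounts; a second source fails the same account three times.
SAMPLE_LOG = """\
Nov 12 10:00:01 host1 sshd[2001]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Nov 12 10:00:03 host1 sshd[2002]: Failed password for bob from 203.0.113.7 port 51001 ssh2
Nov 12 10:00:05 host1 sshd[2003]: Failed password for carol from 203.0.113.7 port 51002 ssh2
Nov 12 10:00:07 host1 sshd[2004]: Failed password for dave from 203.0.113.7 port 51003 ssh2
Nov 12 10:00:09 host1 sshd[2005]: Failed password for invalid user erin from 203.0.113.7 port 51004 ssh2
Nov 12 10:00:20 host1 sshd[2006]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Nov 12 10:00:25 host1 sshd[2007]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Nov 12 10:00:30 host1 sshd[2008]: Failed password for alice from 198.51.100.9 port 40002 ssh2
Nov 12 10:00:31 host1 sshd[2009]: Accepted password for alice from 198.51.100.9 port 40003 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

def parse_failed_logins(text, year=2024):
    """Return sorted (timestamp, user, src_ip) tuples for failed-password lines.
    Syslog carries no year, so one is assumed; accepted logins are not events."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["src"]))
    return sorted(events)

def detect_password_spraying(events, min_users=4, window=timedelta(seconds=60)):
    """Correlation rule: alert once per source IP that fails logins for at least
    min_users distinct accounts inside a sliding window.  One account failing
    repeatedly (brute force, lockout) is deliberately not matched by this rule."""
    recent = defaultdict(deque)          # src -> (ts, user) pairs still in window
    alerts = {}
    for ts, user, src in events:
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:     # expire events older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_users and src not in alerts:
            alerts[src] = {"first": q[0][0], "last": ts, "users": sorted(users)}
    return alerts

if __name__ == "__main__":
    for src, a in detect_password_spraying(parse_failed_logins(SAMPLE_LOG)).items():
        print(f"spray from {src}: {len(a['users'])} accounts {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}")
```

On the sample input only 203.0.113.7 is flagged; 198.51.100.9 hammering a single account is left for a separate brute-force or lockout rule.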
As a rule, a SIEM correlation should:
1) Reduce events by 99.99% - raw events to correlations
2) Impact system performance by <1%
3) Produce Correlated Threats with >35% true positive rate on investigation
   - 33% are usually false positives or misconfigurations (not real threats)
   - 33% are usually unexplained, root cause not discernible
4) Result in <10% false negatives (missed threats)