User Activity

About 1 year ago
Contributed a review of Tenable.io Web Application Scanning: Reasonably priced, good pricing, and reliable
About 1 year ago
Contributed a review of Splunk Infrastructure Monitoring: Simple to install and configure with many interesting features
Over 1 year ago
- Detect unusual/suspicious logins. For example, you can count the number of failed login attempts within a given time
- Detect abnormal traffic which might indicate potential C2 traffic
- Detect attempts to access your systems/network from unusual locations / IPs
- Monitor…
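Worked example of the first and third detections listed in the answer above (a burst of failed logins inside a time window, and a successful login from a network you do not expect). This is an added example, not code from the original answer or from any SIEM product. The sshd-style log lines are constructed, and the one-minute window, the threshold of five failures and the 10.0.0.0/8 "known network" are assumptions chosen for illustration.

```python
"""Windowed failed-login and unusual-source detection over constructed auth logs.

Added example; not code from the original page. The log format, thresholds and
the 'known networks' list are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample lines in an sshd/syslog-like shape (not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd Failed password for admin from 203.0.113.7 port 51001
2024-03-01T09:00:03 sshd Failed password for admin from 203.0.113.7 port 51002
2024-03-01T09:00:05 sshd Failed password for root from 203.0.113.7 port 51003
2024-03-01T09:00:07 sshd Failed password for admin from 203.0.113.7 port 51004
2024-03-01T09:00:09 sshd Failed password for admin from 203.0.113.7 port 51005
2024-03-01T09:00:20 sshd Accepted password for admin from 203.0.113.7 port 51006
2024-03-01T09:05:00 sshd Failed password for alice from 10.0.0.12 port 40001
2024-03-01T09:12:00 sshd Failed password for alice from 10.0.0.12 port 40002
2024-03-01T09:30:00 sshd Accepted publickey for bob from 10.0.0.33 port 40100
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+$"
)

# Assumed: networks from which interactive logins are expected (office/VPN ranges).
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    d["ip"] = ipaddress.ip_address(d["ip"])
    return d


def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (alert_type, ip, user) tuples in the order they fire.

    failed_login_burst fires once per source IP when `threshold` failures land
    inside a sliding `window`; login_from_unknown_network fires on any success
    from outside KNOWN_NETWORKS; success_after_burst fires when a source that
    already tripped the burst rule then logs in successfully.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside window
    alerts = []
    flagged_bruteforce = set()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged_bruteforce:
                flagged_bruteforce.add(ip)
                alerts.append(("failed_login_burst", str(ip), ev["user"]))
        else:  # Accepted
            if not any(ip in net for net in KNOWN_NETWORKS):
                alerts.append(("login_from_unknown_network", str(ip), ev["user"]))
            if ip in flagged_bruteforce:
                alerts.append(("success_after_burst", str(ip), ev["user"]))
    return alerts
```

The deque per source IP keeps only the failures still inside the window, so the count stays correct without re-scanning history; the two slow failures from 10.0.0.12 seven minutes apart never reach the threshold, while the five-in-eight-seconds burst from 203.0.113.7 does, and its later success is escalated separately.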
About 2 years ago
Hi @Evgeny Belenky, I think as long as you do this thing manually, you will always have to be subjective. One will always say alerts from critical assets first, setting them with higher priority. But the concept of threat intelligence will help. Threat intelligence feeds…
About 2 years ago
Hi @Giusel, With the rise in insider threats, the idea of UEBA is becoming a must-have component in a SOC. This makes it necessary to have AD users, or users from any other source, available for monitoring in SIEM platforms. RSA NWP does this and definitely many other…
Over 2 years ago
Contributed a review of Splunk Enterprise Security: Efficient, scalable, robust and easy to use
Over 2 years ago
Hi Giusel, From my little experience, it's always good to have a good working plan on how you are going to start setting up a SOC and how you are going to gradually mature the SOC. The primary consideration is the availability of 3 components: people, technology and process.…
Over 2 years ago
Hi Rony, Playbooks automate the gathering of threat intelligence from a myriad of threat intelligence sources. Playbooks ingest alerts from tools like SIEM and scan the alerts against threat intelligence sources like VirusTotal and others in order to get information…
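A worked example of what the two answers above describe: a playbook step that checks the indicators in SIEM alerts against threat intelligence and then uses that evidence, together with the critical-asset list, to order alerts instead of relying on a purely subjective priority. This is an added example, not code from the original answers or from any SOAR product. The alert shape, the feed format, the scoring weights and the asset inventory are all assumptions, and the local feed dictionary stands in for an online source such as VirusTotal so the code runs offline.

```python
"""Playbook-style alert enrichment against local threat-intel feeds.

Added example, not code from the page or from any SOAR product. The alert
shape, feed format, scoring weights and asset list are assumptions; the local
feed dictionary stands in for an online source such as VirusTotal.
"""

# Constructed threat-intel feeds: indicator -> set of sources that flagged it.
TI_FEEDS = {
    "ip": {"198.51.100.9": {"feedA", "feedB"}, "192.0.2.44": {"feedA"}},
    "domain": {"update-check.example": {"feedB", "feedC", "feedD"}},
    "sha256": {"a" * 64: {"feedA", "feedC"}},
}

# Assumed asset inventory: hostnames the business considers critical.
CRITICAL_ASSETS = {"dc01", "db01"}

# Constructed alerts in the shape a SIEM might emit them (not real data).
ALERTS = [
    {"id": 1, "host": "ws17", "severity": 2,
     "iocs": {"ip": ["198.51.100.9"]}},
    {"id": 2, "host": "db01", "severity": 2,
     "iocs": {"domain": ["intranet.example"]}},
    {"id": 3, "host": "dc01", "severity": 3,
     "iocs": {"sha256": ["a" * 64], "ip": ["192.0.2.44"]}},
    {"id": 4, "host": "ws03", "severity": 1, "iocs": {}},
]


def enrich(alert, feeds=TI_FEEDS, min_sources=2):
    """Attach TI matches to a copy of the alert.

    An indicator is 'confirmed' only when at least min_sources feeds agree,
    mirroring the practice of not trusting a single engine's verdict.
    """
    matches = []
    for ioc_type, values in alert.get("iocs", {}).items():
        for value in values:
            sources = feeds.get(ioc_type, {}).get(value)
            if sources:
                matches.append({
                    "type": ioc_type,
                    "value": value,
                    "sources": sorted(sources),
                    "confirmed": len(sources) >= min_sources,
                })
    return {**alert, "ti_matches": matches}


def score(alert, critical_assets=CRITICAL_ASSETS):
    """Priority = base severity + TI evidence + critical-asset weight (assumed weights)."""
    s = alert["severity"]
    for m in alert["ti_matches"]:
        s += 3 if m["confirmed"] else 1
    if alert["host"] in critical_assets:
        s += 2
    return s


def prioritize(alerts, feeds=TI_FEEDS, critical_assets=CRITICAL_ASSETS):
    """Enrich every alert and return them ordered highest priority first."""
    enriched = [enrich(a, feeds) for a in alerts]
    for a in enriched:
        a["priority"] = score(a, critical_assets)
    return sorted(enriched, key=lambda a: (-a["priority"], a["id"]))
```

With these inputs the domain-controller alert that carries a multi-source hash match comes out first, the workstation alert with a confirmed malicious IP outranks the critical database host that has no TI evidence at all, and the alert with no indicators stays at the bottom. Swapping the in-memory feed for a real lookup only changes `enrich`; the scoring and ordering stay the same.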
About 3 years ago
Great advice,

Reviews

About 1 year ago
Tenable.io Web Application Scanning
About 1 year ago
Splunk Infrastructure Monitoring
Over 2 years ago
Splunk Enterprise Security

Answers

Over 1 year ago
Security Information and Event Management (SIEM)
Over 2 years ago
Information Security and Risk Consulting Services
Over 2 years ago
IT Alerting and Incident Management

Comments

About 3 years ago
Security Information and Event Management (SIEM)