User Activity
Over 1 year ago
Contributed a review of Wazuh: Reliable, good endpoint security, and helpful documentation
Over 1 year ago
Contributed a review of Tenable.io Web Application Scanning: Reasonably priced, good pricing, and reliable
Over 1 year ago
Contributed a review of Splunk Infrastructure Monitoring: Simple to install and configure with many interesting features
Over 2 years ago
Answered a question: What are the top use cases to implement after deploying a SIEM?
- Detect unusual/suspicious logins. For example, you can count the number of failed login attempts within a given time
- Detect abnormal traffic which might indicate potential C2 traffic
- Detect attempts to access your systems/network from unusual locations / IPs
- Monitor…
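The first and third use cases in the answer above (failed-login counting within a time window, and logins from unexpected networks) as an added worked example, not code from the original answer. The log lines are constructed for the example, the sshd-style message format and the "known networks" list are assumptions, and the threshold and window are placeholders a real SIEM rule would tune.

```python
"""Sliding-window failed-login detector and unknown-network login check."""
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample log (sshd-style lines; not taken from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for root from 203.0.113.7 port 52011 ssh2
2024-03-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 52012 ssh2
2024-03-01T10:00:07 sshd[1201]: Failed password for admin from 203.0.113.7 port 52013 ssh2
2024-03-01T10:00:09 sshd[1201]: Failed password for admin from 203.0.113.7 port 52014 ssh2
2024-03-01T10:00:12 sshd[1201]: Failed password for oracle from 203.0.113.7 port 52015 ssh2
2024-03-01T10:01:30 sshd[1202]: Accepted publickey for alice from 10.0.5.23 port 44010 ssh2
2024-03-01T10:02:00 sshd[1203]: Failed password for bob from 10.0.5.40 port 44011 ssh2
2024-03-01T10:20:00 sshd[1203]: Failed password for bob from 10.0.5.40 port 44012 ssh2
2024-03-01T10:25:00 sshd[1204]: Accepted password for bob from 198.51.100.9 port 40001 ssh2
"""

# Assumed message layout: "<iso-ts> sshd[pid]: Failed|Accepted <method> for [invalid user] <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Networks from which interactive logins are expected (assumption for the example).
KNOWN_NETWORKS = [ip_network("10.0.0.0/8")]


def parse(line):
    """Turn one log line into an event dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect(lines, threshold=5, window_seconds=60):
    """Return (rule, ip, detail) alerts for the given log lines.

    brute_force: `threshold` or more failures from one source IP inside a
    sliding window of `window_seconds`; fired once per IP.
    login_from_unknown_network: a successful login from outside KNOWN_NETWORKS.
    """
    alerts = []
    attempts = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    fired = set()                   # IPs already reported for brute force
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = attempts[ip]
            q.append(ev["ts"])
            # Drop failures that fell out of the window relative to this event.
            while (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in fired:
                fired.add(ip)
                alerts.append(("brute_force", ip, f"{len(q)} failures in {window_seconds}s"))
        else:
            addr = ip_address(ip)
            if not any(addr in net for net in KNOWN_NETWORKS):
                alerts.append(("login_from_unknown_network", ip, f"user {ev['user']}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample data the 203.0.113.7 burst (five failures in eleven seconds) fires once, the two failures from 10.0.5.40 eighteen minutes apart never reach the threshold because the older one is pruned from the window, and bob's successful login from 198.51.100.9 is reported because it comes from outside the expected networks.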
Almost 3 years ago
Answered a question: How do you decide about the alert severity in your Security Operations Center (SOC)?
Hi @Evgeny Belenky
I think as long as you do this thing manually, you will always have to be subjective. One will always say alerts from critical assets first, setting them with higher priority.
But the concept of threat intelligence will help. Threat intelligence feeds…
Almost 3 years ago
Answered a question: Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?
Hi @Giusel
With the rise in insider threats, the idea of UEBA is becoming a must-have component in SOC.
This makes it necessary to have AD users or users from any other source to be available for monitoring in SIEM platforms. RSA NWP does this and definitely many other…
About 3 years ago
Contributed a review of Splunk Enterprise Security: Efficient, scalable, robust and easy to use
About 3 years ago
Contributed a review of Wazuh: Good integration with other platforms but not easily scalable and lacks threat intelligence
About 3 years ago
Answered a question: What are the best practices for Security Operations Center (SOC)?
Hi Giusel
From my little experience, it's always good to have a good working plan on how you are going to start setting up a SOC and how you are going to gradually mature the SOC. The primary consideration is the availability of 3 components: people, technology and process.…
Over 3 years ago
Answered a question: What is an incident response playbook and how is it used in SOAR?
Hi Rony,
A playbook automates the gathering of threat intelligence from a myriad of sources of threat intelligence. Playbooks ingest alerts from tools like SIEM and scan the alerts against the threat intelligence sources like VirusTotal and others in order to get information…