Badges

35 Points
4 Years

User Activity

Over 2 years ago
@Evgeny Belenky yeah, "alert fatigue" is also a consequence of the human factor.  Without a continuous process of SOC software configuration, SOC will face this "alert fatigue" issue.  One more thing is gaps between different parts of the SOC team. Multi-experts are great,…
Over 2 years ago
SOC is the heart of your infrastructure security, a centralized system management mechanism, a collaboration of people and software. It is designed to detect anomalies, highlight real threats in them, and respond to these threats appropriately SOC has a complex structure…
Over 3 years ago
Try Open Threat Exchange otx.alienvault.com The best one, and now researchers from AlienVault is a part of AT&T, so they have really great data sources and expertise in Threat hunting.
Almost 4 years ago
TLDR SIEM: Security information management: Long-term storage as well as analysis and reporting of log data. Security event manager: Real-time monitoring, correlation of events, notifications, and console views. SOAR: SIEM + Threat Intelligence (IoC's, AI, etc),…
Over 4 years ago
In general, you will have the same problems with any software for log analysis in DHCP environments. But you can use FQDN and can also install agents on assets with dynamic IP But really, you will have some difficulties with asset and vulnerability management. Try to use…
Over 4 years ago
Contributed a review of AlienVault OSSIM: Integration with OTX enables us to see which IPs are malicious
Almost 5 years ago

About me

Pre-Sales Ninja!