Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



Your Roadmap to Success with Risk-Based Alerting

In our last RBA blog post, we introduced the Splunk RBA journey and how to plan for a successful implementation. In this post, we dive deeper into the four levels of this journey. One of the things I've discovered in working with Splunk customers is that there is a big difference between an initial trial of RBA and using it effectively in a production environment.


Leveling Up Security Operations with Risk-Based Alerting

In life, you get a lot of different alerts. Your bank may send emails or texts about normal account activities, like privacy notices, product updates, or account statements. It also sends alerts when someone fraudulently makes a purchase with your credit card. You can ignore most of the normal messages, but you need to pay attention to the fraud alerts. Security is the same way.


Planning for Success with Risk-Based Alerting

In our last RBA blog post, we talked about some of the problems RBA can help solve. In this post, we explain the methodology we use with Splunk customers as their security teams start working with RBA. In working with our customers, the Splunk Superstar RBA Braintrust has developed a powerful methodology to kickstart your RBA implementation. From first moves to production, these four levels take you step-by-step through the process of successfully getting RBA up and running.


Level Up Your Cybersecurity with Risk-Based Alerting

In our first blog in the Splunk RBA series, we introduced Risk-Based Alerting (RBA) and covered the basic principles of RBA. In the rest of this series, we explain how you can plan and then implement RBA within your organization. Are your security teams drowning in data and overwhelmed with alerts? Are you thinking that there must be a better way, some esoteric or forbidden knowledge, to produce higher-fidelity alerts and keep your team from burning out?

Under the Wing: Automating Workflows with Falcon Fusion

76% of organizations report not having enough qualified security specialists. 80% of them report alert fatigue — with analysts scrambling to respond to multiplying alerts and few to no processes to streamline investigation and response. Join us in the next episode to learn how teams are using tools like Falcon Fusion to automate workflows, streamline operations and keep their team moving fast.

Risk Based Alerts Using Lookup Tables

Proactive event notification is one of the most valuable components of centralized log management and SIEM. It allows us to identify problems, misconfigurations, and potential security risks at an early stage. One of the ways we can improve event notification within Graylog is through the use of Lookup Tables.


Understanding alert overload part 2: How no-code automation can transform your security team

In a previous post, we discussed how alert overload can cripple security teams and prevent them from effectively detecting and responding to threats. In this post, we explore how no-code automation can help reduce the burden of alerts while providing the visibility and connectivity your organization requires. It's critical to have robust security solutions that not only help you detect but also block serious attacks before they cause any damage.