%term

The latest News and Information on Security Incident and Event Management.

The Ultimate Guide to Sigma Rules

Apr 9, 2024 By Jeff Darrington In Graylog

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Read Post

Graylog

Read more about The Ultimate Guide to Sigma Rules

Tracing history: The generative AI revolution in SIEM

Apr 9, 2024 By Mike Nichols, In Elastic

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.

Read Post

Elastic

Read more about Tracing history: The generative AI revolution in SIEM

AT&T DDoS Portal Contacts Management Video

Apr 8, 2024 By LevelBlue In LevelBlue

In this video, you'll learn about AT&T DDoS Defense Service contact management and how the company administrator adds a new contact. Contacts are notified in the event of a DDoS attack. So it's important to keep the contacts list up to date and accurate.

View Video

LevelBlue

Read more about AT&T DDoS Portal Contacts Management Video

5 reasons why observability and security work well together

Apr 8, 2024 By Jennifer Ellard, In Elastic

Site reliability engineers (SREs) and security analysts — despite having very different roles — share a lot of the same goals. They both employ proactive monitoring and incident response strategies to identify and address potential issues before they become service impacting. They also both prioritize organizational stability and resilience, aiming to minimize downtime and disruptions.

Read Post

Elastic

Read more about 5 reasons why observability and security work well together

AT&T DDoS Defense Portal Email Alert Video

Apr 8, 2024 By LevelBlue In LevelBlue

In this video, you'll learn about AT&T DDoS Defense Service Alert Emails. We'll also give you an overview of the investigation process. For any high severity alerts, which are caused by traffic exceeding thresholds in protected zones, the DDoS Defense Service sends an alert email to your contacts. At the same time, a ticket is created for the AT&T Threat Management Team to investigate the alert.

View Video

LevelBlue

Read more about AT&T DDoS Defense Portal Email Alert Video

Graylog and SOC Prime Form Exclusive Partnership to Make Threat Detection and Response More Effective and Efficient

Apr 3, 2024 By Graylog In Graylog

Collaboration significantly enhances enterprise cybersecurity posture within hours.

Read Post

Graylog

Read more about Graylog and SOC Prime Form Exclusive Partnership to Make Threat Detection and Response More Effective and Efficient

Does Your SIEM Offer Enough Flexibility? Questions to Ask

Apr 2, 2024 By Devo In Devo

When evaluating a SIEM, two key factors stand out: flexibility in data handling and open architecture. These two elements significantly enhance a platform’s efficiency and adaptability in managing cybersecurity threats. Whether you’re evaluating your current SIEM or looking for a more modern solution, here are five questions to ask to gauge its flexibility.

Read Post

Devo

Read more about Does Your SIEM Offer Enough Flexibility? Questions to Ask

Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

Apr 1, 2024 By Anton Ovrutsky In Sumo Logic

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.

Read Post

Sumo Logic

Read more about Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

Threat Detection, Investigation, and Response (TDIR) with Sumo Logic - March 28th

Mar 29, 2024 By Sumo Logic In Sumo Logic

Join us as Chas and Christopher teach how Sumo Logic Cloud SIEM helps with TDIR.

View Video

Sumo Logic

Read more about Threat Detection, Investigation, and Response (TDIR) with Sumo Logic - March 28th

SIEM in Seconds - Splunk Enterprise Security Auto Refresh and Timeline of Notable Events

Mar 28, 2024 By Splunk In Splunk

SOC analysts are overwhelmed sifting through a sea of notable events. They are unable to prioritize events and act fast. With Auto Refresh in the Incident Review interface, users will not have to re-run the Incident Response search or refresh the page. Furthermore, an interactive timeline for notable events within the Incident Response interface enables the SOC to quickly prioritize critical incidents.

View Video