Rebranding human risk management with Brandon Min

Join us for this session of Defender Fridays as we explore human risk management, security culture, and building empathy-driven security programs with Brandon Min, Founder and CEO at Herd Security. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Reduce False Positives Automatically with @claude Code and LimaCharlie

Noisy alerts slow down every SOC. See how Claude Code with LimaCharlie can analyze your existing detection logic and trigger alerts to identify what's generating the noise and what can be done about it. After running the prompt, Claude Code reviews your rules and their trigger frequency, identifies the ones generating false positives, and produces specific recommendations for suppression rules to apply. In this example, it flags three rules and provides the logic to address each one, whether the issue stems from a syntax problem or detection logic that needs tightening.

Create a Tenant, Deploy Sigma Rules, and Enable GitHub Sync with @claude Code and LimaCharlie

This video shows how Claude Code handles a full tenant setup in a single workflow: creating a new organization, deploying Sigma rules, and enabling Git Sync, all in one run with LimaCharlie. Claude Code creates the organization, deploys the community Sigma rules available on the platform, and configures the Git Sync extension. That extension automatically creates a GitHub repository and syncs both the detection rules and the full tenant configuration to it, giving you version-controlled infrastructure from day one.

1,500% Surge in New Malware: Why MSPs Must Act Now

The latest findings from WatchGuard Technologies reveal a stark reality for managed service providers: cyber threats are not only increasing—they’re evolving faster than traditional defenses can keep up. In its newest Internet Security Report, WatchGuard identified a 1,548% spike in new, unique malware from Q3 to Q4 2025. Nearly one in four threats bypassed signature-based detection, highlighting a critical gap in reactive security models still used across many customer environments.

From Threat Article to Deployed Detection Rules Automatically with @claude Code and LimaCharlie

When a new security incident surfaces, threat intelligence is only useful if you can act on it quickly. This video shows how Claude Code, combined with LimaCharlie, compresses that gap significantly.

Common Security Gaps Solved by Managed IT Services

In today's digital world, security threats can affect every part of your business. Many companies install cybersecurity tools but still leave openings hackers can exploit. Even with strong software, human mistakes, outdated systems, and overlooked processes create vulnerabilities. Recognizing these common security gaps and understanding how managed services can address them is essential for keeping data safe, clients confident, and daily operations running without interruptions.

150+ FAKE law firm websites found in AI cloning scam

In this week's Intel Chat, Christopher Luft and Matt Bromiley discuss how attackers used AI to clone over 150 law firm websites, targeting fraud victims under the guise of offering legal assistance to recover lost funds. Chris points out how easy this has become with AI tools. Attackers can quickly clone a website, host it at a legitimate-looking domain, and start harvesting information. The episode also covers Russian cyber operations targeting the defense industrial base, Team PCP's campaign compromising 60,000+ servers, and exposed Ollama AI infrastructure.

LimaCharlie + @claude Code: Admin Tasks, MITRE Coverage, and EDR Detections [Demo]

Claude Code runs directly inside the LimaCharlie UI, connecting to the MCP server and loading the skills needed to execute commands across your environment. In this video, you'll see it in action for common administrative tasks: identifying organizations and their IDs, pulling sensor counts for a specific org, and getting a full breakdown of containers by type. SOC managers can query this information conversationally rather than navigating multiple menus or writing custom scripts.