SIEM – Page 4 – WindowsTechs.com

Microsoft Sentinel API for search a query [closed]

Posted on May 19, 2022 by zexapod

Is there any API in MS Sentinel to search a query,
Workspace
| where something == "something2"
| where this "that"

I tried using msticpy, any alternative that can be done using a cli?

Continue reading Microsoft Sentinel API for search a query [closed]→

How to avoid security blind spots when logging and monitoring

Posted on May 2, 2022 by Help Net Security

Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the inevitable business and compliance consequences of a successful cyberattack. The deci… Continue reading How to avoid security blind spots when logging and monitoring→

LogRhythm vs Splunk (2023): SIEM tool comparison

Posted on March 22, 2022 by Collins Ayuya

This is a comprehensive LogRhythm vs Splunk SIEM tool comparison. Use our guide to learn more about features, pricing and more. Continue reading LogRhythm vs Splunk (2023): SIEM tool comparison→

VT4Browsers++ Any indicator, every detail, anywhere

Posted on March 15, 2022 by Emiliano Martinez

TL;DR: VirusTotal’s browser extension can now automatically identify IoCs in any website and enrich them with superior context from our crowdsourced threat intelligence corpus, in a single pane of glass fashion. Install in Chrome | Install in Firefox |… Continue reading VT4Browsers++ Any indicator, every detail, anywhere→

Are separate SIEMs for threat hunting a good idea?

Posted on February 23, 2022 by Helga Labus

In this interview with Help Net Security, Brian Dye, CEO at Corelight, talks about the trend of creating separate SIEMs for threat hunting and why this is not achieveable for all organizations. We are seeing companies establishing separate SIEMs for th… Continue reading Are separate SIEMs for threat hunting a good idea?→

Qualys Context XDR: Bringing context to an organization’s security efforts

Posted on February 15, 2022 by Mirko Zorz

Cybersecurity has become more complex than ever, allowing cybercriminals to access organizations through many different routes. To help incident response and threat hunting teams navigate this complex environment, Qualys has unveiled its Qualys Context… Continue reading Qualys Context XDR: Bringing context to an organization’s security efforts→

Security Concern Opening Up Azure VM to AWS IPs

Posted on February 10, 2022 by Nina G

We have an IIS webserver hosted in Azure. We want to monitor this server via our cloud SIEM hosted in AWS. To monitor, there is a requirement to open outbound 443, on the VM, to a few hundred AWS external IPs. Without this, the webserver c… Continue reading Security Concern Opening Up Azure VM to AWS IPs→

The evolution of security analytics

Posted on January 20, 2022 by Help Net Security

As networks continue to evolve and security threats get more complex, security analytics plays an increasingly critical role in securing the enterprise. By combining software, algorithms and analytic processes, security analytics helps IT and security … Continue reading The evolution of security analytics→

Defining user anomalies by analysing web server interaction counts [closed]

Posted on January 12, 2022 by Mario

I’m researching log-analysis using webserver/HTTP logs, so I created the pipeline for this use case (Anomaly detection). Let’s say I have number/counts of logged records/events for each username.

The problem is I’m not sure what is the be… Continue reading Defining user anomalies by analysing web server interaction counts [closed]→

Why would a legitimate application run on a non-standard port?

Posted on November 15, 2021 by user270109

Among the many "threats", I see on my SIEM, a non-standard port is a top one. It’s always been a false positive, but I don’t understand why this happens frequently?

Continue reading Why would a legitimate application run on a non-standard port?→