Collaborate Disseminate
I’m researching log-analysis using webserver/HTTP logs, so I created the pipeline for this use case (Anomaly detection). Let’s say I have number/counts of logged records/events for each username.
The problem is I’m not sure what is the be… Continue reading Defining user anomalies by analysing web server interaction counts [closed]
Among the many "threats", I see on my SIEM, a non-standard port is a top one. It’s always been a false positive, but I don’t understand why this happens frequently?
Continue reading Why would a legitimate application run on a non-standard port?
Maintaining cybersecurity for organizations has never been more complex; now that remote and hybrid work has become the norm, access to a company’s network is no longer limited to those within the physical building but extends to people connecting thro… Continue reading Why integrating SIEM tools is crucial to managing threats
Is there a website for SIEM attack detection use cases that lists use cases for different types of devices?
Continue reading Website for SIEM attack detection use cases [closed]
With remote work and reliance on cloud computing here to stay, it’s no surprise how many headlines there are to address the growing cloud security concerns in our industry. While there is a time and place for onboarding additional cloud security soluti… Continue reading For adapting to new cloud security threats, look to “old” technology
Security operations teams have been dealing with “alert fatigue” for far too long. The introduction of log monitoring (e.g., SIEM), firewall, and AV technologies over two decades ago provided valuable tools for IT teams to be alerted to known suspiciou… Continue reading Combating vulnerability fatigue with automated security validation
I detected an activity last week on our SIEM system. The MsMpEng.exe which belongs to Windows Defender access lsass.exe. I search it on the net for learn is it a normal acitivty or is it anormal then there is no information about it. Activ… Continue reading Windows Defender’s MsMpEng.exe Access lsass.exe
The global security information and event management (SIEM) market size is projected to reach $6436.2 million by 2027, from $3938.3 million in 2020, at a CAGR of 6.8% during the forecast period 2021-2027, Valuates Reports reveals. Major factors driving… Continue reading SIEM market size to reach $6436.2 million by 2027
Panther Labs released the findings from their report which surveyed over 400 security professionals who actively use a SIEM platform as part of their job, including CISOs, CIOs, CTOs, security engineers, security analysts, and security architects, to g… Continue reading Traditional SIEM platforms no longer meet the needs of security practitioners
Our SIEM has a Sigma rule that alerts when svchost is launched without any arguments. The logs are from a domain controller which unfortunately I don’t have access to to verify. I will be reaching out to our system admin, but can anyone … Continue reading SVCHOST Executed without any arguements [closed]