How to Write an Actionable Alert
Writing a powerful detection is great, but if your SOC/IR team can't act upon it, how useful is it really? This article will serve as a guide on how to write an actionable alert.
Daniel's thoughts on infosec
Many SIEM tools now let you write rules that evaluate streaming data as each event arrives, or run scheduled queries over a window on a periodic basis. But when should you use which, and why? This blog post is designed to serve as a guide to those designing their detection architecture.
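As an added example (not code from the blog or any particular SIEM), the Python below contrasts the two modes the post summary refers to: a streaming rule that sees one event at a time and fires immediately, and a scheduled query that runs over a closed time window and can aggregate. Both emit an alert that carries the entity, the evidence, and suggested next steps, which is what makes it actionable for a SOC/IR analyst. The event schema, the constructed sample events, the assumption that 10.0.0.0/8 is the internal range, and the failure threshold are all illustrative choices, not anything the page specifies.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication events (hypothetical, not real log data).
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": "2024-05-01T10:00:10", "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": "2024-05-01T10:00:20", "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": "2024-05-01T10:00:30", "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": "2024-05-01T10:00:40", "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": "2024-05-01T10:00:50", "user": "alice", "src_ip": "10.0.0.5", "result": "success"},
    {"ts": "2024-05-01T10:01:00", "user": "root", "src_ip": "203.0.113.7", "result": "success"},
    {"ts": "2024-05-01T10:02:00", "user": "bob", "src_ip": "10.0.0.9", "result": "fail"},
]

INTERNAL_PREFIX = "10."  # assumption: the corporate range is 10.0.0.0/8


def _ts(s):
    return datetime.fromisoformat(s)


def streaming_rule(event):
    """Streaming rule: sees exactly one event and has no memory of earlier ones.
    Fires immediately when a single event is high-signal on its own."""
    if (event["result"] == "success" and event["user"] == "root"
            and not event["src_ip"].startswith(INTERNAL_PREFIX)):
        return {
            "rule": "root login from non-corporate address",
            "severity": "high",
            "entity": {"user": event["user"], "src_ip": event["src_ip"]},
            "evidence": [event["ts"]],
            "detected_at": event["ts"],  # no delay: the event itself triggers the alert
            "next_steps": [
                "Confirm whether the source address is a known VPN/NAT egress",
                "Check what commands ran in the session that followed this login",
                "Rotate root credentials if the login is not explained",
            ],
        }
    return None


def run_streaming(events):
    """Apply the per-event rule to a stream and collect the alerts it raises."""
    return [a for a in (streaming_rule(e) for e in events) if a]


def run_scheduled(events, window_start, window_end, threshold=5):
    """Scheduled query: runs once per interval over [window_start, window_end)
    and can aggregate across events, which a per-event rule cannot. The cost is
    latency: nothing fires until the window closes, so detected_at is window_end."""
    start, end = _ts(window_start), _ts(window_end)
    in_window = [e for e in events if start <= _ts(e["ts"]) < end]
    by_entity = defaultdict(list)
    for e in in_window:
        by_entity[(e["user"], e["src_ip"])].append(e)

    alerts = []
    for (user, ip), evs in by_entity.items():
        fails = [e for e in evs if e["result"] == "fail"]
        if len(fails) < threshold:
            continue
        last_fail = max(_ts(e["ts"]) for e in fails)
        # A success after the burst of failures is what turns "noise" into "compromise".
        followed = any(e["result"] == "success" and _ts(e["ts"]) > last_fail for e in evs)
        alerts.append({
            "rule": f"{threshold}+ failed logins from one source in window",
            "severity": "high" if followed else "medium",
            "entity": {"user": user, "src_ip": ip},
            "evidence": [e["ts"] for e in evs],
            "followed_by_success": followed,
            "detected_at": window_end,
            "next_steps": [
                "Check whether the account owner initiated these attempts",
                "Review what the session did after the successful login" if followed
                else "Confirm the account is not locked out and warn the owner",
            ],
        })
    return alerts
```

The streaming rule can only ever raise the root-login alert, because a brute-force pattern is invisible in any single event; the scheduled query catches the five failures followed by a success for alice, but only once the five-minute window has closed. That is the trade-off the post is about: per-event rules give immediacy, windowed queries give aggregation at the cost of detection delay.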