How to tune a SIEM solution

SIEM (Security Information and Event Management) solutions are critical for monitoring and detecting potential security threats within an organization’s network. However, the effectiveness of a SIEM solution depends on how well it is tuned. A poorly tuned SIEM solution can generate a large number of false positives, which can lead to alert fatigue and make […]

How to implement SOAR within an organization

SOAR (Security Orchestration, Automation, and Response) is a framework that combines security operations, automation, and response to detect, analyze, and respond to security incidents. SOAR helps organizations streamline their security operations by automating repetitive tasks, reducing response times, and improving the overall efficiency of their security operations. Implementing SOAR within an organization can be a […]

Should we review our Cybersecurity basics

Should we review our cybersecurity basics?

Only a few minutes before the end of 2017, a heavy year on cybersecurity from huge breaches through ransomware spreading and new vulnerabilities disclosers, to new defense technologies loudly evolving all around. I feel however almost tactless when I look the other way around and try to depict all of this in the real-world projects […]

How to actually implement Threat Intelligence automation

How to actually implement Threat Intelligence

As a starting point, a good basic understanding of possible Treat Intelligence integrations is a must. This will allow us to imagine fitting basic setup and future evolutions as TI operations mature inside the organization. We can form our first TI integration strategy on simple…

Indicators of Compromise in Threat Intelligence – Let’s speak some InfoSec Jargon

Indicators of Compromise (IOC) are items of forensic data (like information found in event logs or network flows), that highly indicate conceivably nasty activity in an organization’s system…