Chronicle SIEM: Insights and Challenges Explored
I've been using Chronicle SIEM for approximately six months now, and while reviewing my notes from this period, I've decided to compile everything into a blog post. In this post, I aim to share my personal highlights of the tool and provide insights into areas where there's room…
Effective Detection Rules for Network and Port Scans: Implementation Strategies
Active scanning is part of the initial phases of an attack, as defined by MITRE ATT&CK. Monitoring these scans closely can reveal threat actors early and limit the impact of an incident. Although conceptually straightforward, implementing such alerts with a low rate of fa…
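The post is about the kind of threshold rule this teaser hints at. The block below is an added example, not code from the original blog or from Chronicle: it runs a sliding-window port-scan rule over constructed flow records (timestamp, source, destination, destination port), allowlists a hypothetical internal vulnerability scanner to cut expected noise, and shows the main false-negative trade-off of a short window (a slow scan spread across minutes slips through until the window is widened). The IP addresses and the 60-second / 10-port thresholds are assumptions chosen for the demo.

```python
"""Threshold-based port-scan detection over constructed flow records (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)       # assumed sliding window
MIN_PORTS = 10                       # assumed distinct-port threshold
# Hypothetical internal vulnerability scanner; allowlisting it suppresses expected sweeps.
ALLOWLIST = frozenset({"10.0.0.5"})


def _ts(s):
    return datetime.fromisoformat(s)


def build_sample_flows():
    """Constructed sample data (not from a real network).

    - 192.0.2.10 sweeps 15 ports on 10.0.0.20 within 30 seconds (a fast scan)
    - 10.0.0.7 talks to ports 80 and 443 repeatedly (normal client traffic)
    - 10.0.0.5 (allowlisted scanner) sweeps 20 ports in 20 seconds
    - 192.0.2.11 touches 15 ports but 30 seconds apart (a slow scan)
    """
    base = _ts("2024-01-01T10:00:00")
    flows = []
    for i, port in enumerate(range(20, 35)):
        flows.append((base + timedelta(seconds=2 * i), "192.0.2.10", "10.0.0.20", port))
    for i in range(30):
        flows.append((base + timedelta(seconds=10 * i), "10.0.0.7", "10.0.0.20", 80 if i % 2 else 443))
    for i, port in enumerate(range(1000, 1020)):
        flows.append((base + timedelta(seconds=i), "10.0.0.5", "10.0.0.20", port))
    for i, port in enumerate(range(50, 65)):
        flows.append((base + timedelta(seconds=30 * i), "192.0.2.11", "10.0.0.20", port))
    return flows


def detect_port_scans(flows, window=WINDOW, min_ports=MIN_PORTS, allowlist=ALLOWLIST):
    """Return {(src, dst): sorted ports in the triggering window} for every
    source that reached at least `min_ports` distinct destination ports on one
    host within `window`. Records are processed in time order; each (src, dst)
    pair keeps a deque of recent events and is reported once, at first trigger.
    """
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    alerts = {}
    for ts, src, dst, port in sorted(flows, key=lambda f: f[0]):
        if src in allowlist:
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        # Evict events that fell out of the window
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= min_ports and key not in alerts:
            alerts[key] = sorted(distinct)
    return alerts


if __name__ == "__main__":
    flows = build_sample_flows()
    for key, ports in detect_port_scans(flows).items():
        print(f"60s window: {key[0]} -> {key[1]} hit ports {ports}")
    for key, ports in detect_port_scans(flows, window=timedelta(minutes=10)).items():
        print(f"10m window: {key[0]} -> {key[1]} hit ports {ports}")
```

With the 60-second window only the fast scanner is reported; the slow scanner never has more than three distinct ports in any window and is missed, while the same data with a 10-minute window flags both. Widening the window trades that false negative for more state per source and more chance of flagging chatty but legitimate clients, which is exactly the tuning problem the post is concerned with.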
Automating Incident Response: A Scalable and Robust Approach
Automating tasks in Incident Response (IR) is key to reducing the impact of incidents. Although it seems as easy as starting to write scripts, in my experience, this objective must be tackled in a more scalable and robust way that encompasses security, data science, and software develo…
The Importance of Logging Strategy
Logs are a key part of a successful security or IT plan because they are an outstanding mechanism for diagnosing many types of incidents. That's why every corporation should have a strategy that defines which logs will be tracked and for how long. Usually, different log sources overlap da…