Explore the challenge of balancing detection coverage against alert fatigue in a Security Operations Center (SOC) in this 25-minute conference talk from NorthSec. Discover how a custom platform built around the concept of indicators was developed to correlate minor or noisy detection logic rather than alerting on each hit on its own. Learn about the toolset and implementation details used to monitor tens of thousands of endpoints. Gain insight into how the platform has become a crucial tool for threat hunting and assists SOC analysts in their investigations. Understand the journey of building a detection engineering system that avoids common pitfalls, such as raising an alert every time a benign command like 'whoami' is executed.
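The idea of correlating low-fidelity indicators instead of alerting on each one is easier to see in code. The block below is an added illustration written for this listing; it is not the NorthSec platform described in the talk, and the indicator names, weights, ten-minute window, score threshold and sample process-creation events are all constructed for the example. Each noisy detection logic (including the classic 'whoami' one) emits a small-weight indicator per host, and an alert is raised only when distinct indicators seen on the same host inside the window add up to the threshold.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical low-fidelity detection logics over process-creation telemetry.
# Each one is too noisy to alert on by itself, so it only emits a weighted indicator.
INDICATORS = {
    "whoami":     (lambda e: e["image"].lower().endswith("whoami.exe"), 1),
    "net_user":   (lambda e: e["image"].lower().endswith("net.exe") and "user" in e["cmdline"], 2),
    "nltest_dc":  (lambda e: e["image"].lower().endswith("nltest.exe") and "/dclist" in e["cmdline"], 2),
    "ps_encoded": (lambda e: "powershell" in e["image"].lower() and " -enc" in e["cmdline"].lower(), 3),
}
WINDOW = timedelta(minutes=10)   # assumed correlation window per host
THRESHOLD = 5                    # assumed score at which an alert is raised


@dataclass
class Hit:
    ts: datetime
    indicator: str
    weight: int


def match_indicators(event):
    """Run every detection logic against one event; return the (name, weight) pairs that fired."""
    return [(name, w) for name, (pred, w) in INDICATORS.items() if pred(event)]


def correlate(events):
    """Return a list of (host, fired_at, score, indicators) alerts.

    Indicators are kept per host and pruned once they fall outside WINDOW. Each distinct
    indicator counts once, so ten 'whoami' executions still score 1, not 10. When the
    per-host score reaches THRESHOLD an alert is emitted and that host's evidence is
    cleared so the same hits do not re-alert on the next event.
    """
    hits = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        host = e["host"]
        for name, w in match_indicators(e):
            hits[host].append(Hit(e["ts"], name, w))
        # Drop evidence older than the window relative to the current event.
        hits[host] = [h for h in hits[host] if e["ts"] - h.ts <= WINDOW]
        distinct = {h.indicator: h.weight for h in hits[host]}
        score = sum(distinct.values())
        if score >= THRESHOLD:
            alerts.append((host, e["ts"], score, sorted(distinct)))
            hits[host] = []
    return alerts


# Constructed sample telemetry (not real data). Timestamps are relative to T0.
T0 = datetime(2023, 5, 18, 9, 0, 0)
SAMPLE_EVENTS = [
    # WS-01: a lone whoami, the noisy detection the talk warns about; must stay silent.
    {"host": "WS-01", "ts": T0, "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
    # WS-02: a recon chain within a few minutes; the combined score should fire.
    {"host": "WS-02", "ts": T0 + timedelta(minutes=1), "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami /all"},
    {"host": "WS-02", "ts": T0 + timedelta(minutes=3), "image": r"C:\Windows\System32\net.exe", "cmdline": "net user /domain"},
    {"host": "WS-02", "ts": T0 + timedelta(minutes=4), "image": r"C:\Windows\System32\nltest.exe", "cmdline": "nltest /dclist:corp"},
    # WS-03: the same three indicators spread over an hour, outside the window; must stay silent.
    {"host": "WS-03", "ts": T0, "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
    {"host": "WS-03", "ts": T0 + timedelta(minutes=30), "image": r"C:\Windows\System32\net.exe", "cmdline": "net user /domain"},
    {"host": "WS-03", "ts": T0 + timedelta(minutes=60), "image": r"C:\Windows\System32\nltest.exe", "cmdline": "nltest /dclist:corp"},
]

if __name__ == "__main__":
    for host, ts, score, inds in correlate(SAMPLE_EVENTS):
        print(f"ALERT {host} at {ts:%H:%M} score={score} indicators={inds}")
```

Running it raises one alert, for WS-02 at 09:04 with score 5 from whoami, net_user and nltest_dc, while WS-01 and WS-03 stay quiet. The weights and window are the knobs a detection engineer would tune per environment; the point the example makes is that the noisy 'whoami' logic still contributes evidence without ever paging an analyst on its own.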
Syllabus
NSEC2023 - Willy Wonka and the Detection Factory: Detection Engineering without Alert Fatigue
Taught by
NorthSec