Most SOCs don’t fail because of tooling.
They fail because of signal quality.
Senior SOC Analyst focused on:
• Detection engineering
• Alert tuning
• Reducing false positives
• Better investigations
SpecterSignal
Signal > Noise.
Different systems log differently.
The SIEM translates all that messy data into a common format so it can be searched and correlated.
Otherwise it’s chaos.
#cyber #CyberSecurity #SOCs #CyberSec #infosec
Word spawns PowerShell, which reaches out to a random IP and downloads a payload.
That chain matters more than the file hash.
Attack patterns.
How would you investigate this?
#cyber #CyberSecurity #SOCs #CyberSec #infosec
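The post above argues that the behavioural chain (Office app spawns a script host, which then talks to an external address and drops a file) is a better detection signal than any single file hash. The following is an added example, not code from the original posts: it correlates normalized endpoint events by host and process id to flag that chain. The event schema, field names and sample records are constructed for illustration; a real SIEM would map its own fields onto them.

```python
"""Flag the Office -> PowerShell -> external connection chain from normalized events.
Added example; schema and sample events are constructed, not from any real system."""
from ipaddress import ip_address, ip_network

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# RFC 1918 plus loopback and link-local; extend with your own address space.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample events already normalized to one schema (type, host, pid, ...).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "pid": 512, "ppid": 410, "image": "WINWORD.EXE", "parent_image": "explorer.exe"},
    {"type": "process", "host": "ws01", "pid": 733, "ppid": 512, "image": "powershell.exe", "parent_image": "WINWORD.EXE"},
    {"type": "network", "host": "ws01", "pid": 733, "dest_ip": "203.0.113.77", "dest_port": 443},
    {"type": "file", "host": "ws01", "pid": 733, "path": "C:\\Users\\a\\AppData\\Local\\Temp\\x.exe"},
    # Benign admin activity: PowerShell from Explorer talking to an internal host.
    {"type": "process", "host": "ws01", "pid": 801, "ppid": 410, "image": "powershell.exe", "parent_image": "explorer.exe"},
    {"type": "network", "host": "ws01", "pid": 801, "dest_ip": "10.0.0.5", "dest_port": 5985},
]


def is_external(ip: str) -> bool:
    """True when the address is outside the configured internal ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_office_chains(events):
    """Return one finding per (host, pid) where an Office app spawned a script host
    that then connected to an external address. A file write by the same process
    raises the score. Office -> PowerShell alone is not emitted: on its own it is
    too noisy (macros, add-ins), which is exactly the tuning problem the post describes."""
    findings = {}
    for e in events:  # pass 1: candidate spawns
        if (e["type"] == "process" and e["image"].lower() in SCRIPT_HOSTS
                and e["parent_image"].lower() in OFFICE_PARENTS):
            findings[(e["host"], e["pid"])] = {"host": e["host"], "pid": e["pid"],
                                               "parent": e["parent_image"], "external": [],
                                               "files": [], "score": 1}
    for e in events:  # pass 2: enrich candidates with what the child did next
        f = findings.get((e["host"], e.get("pid")))
        if f is None:
            continue
        if e["type"] == "network" and is_external(e["dest_ip"]):
            f["external"].append(f'{e["dest_ip"]}:{e["dest_port"]}')
            f["score"] += 1
        elif e["type"] == "file":
            f["files"].append(e["path"])
            f["score"] += 1
    return [f for f in findings.values() if f["external"]]
```

Run against SAMPLE_EVENTS this returns a single finding for pid 733 with score 3; the Explorer-spawned PowerShell on pid 801 never becomes a candidate, so it produces no alert.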
@CyberRacheal It is both for sure, but most of the time it is over-complex explanations that have caused me issues and made me ask why not just make it simple and straight to the point.
Servers. Endpoints. Firewalls. Cloud apps. Identity systems.
If it makes noise, the SIEM can ingest it.
Think of it as a giant log warehouse.
#CyberSecurity #infosec #SOC #Security