@anton_chuvakin Might be an add-on to your b) but - “anomaly detected”. The bane of any SOC analyst’s existence. Sounds bad, most often isn’t - and painful to investigate!
@christophetd @ExpelSecurity @awscloud There's a whole world of really interesting detection use cases in EKS as well that you can build on top of the EKS audit logs. We've written about this a bit and plan to blog more in the near future :) https://t.co/SRt9oTzyC9
@christophetd @ExpelSecurity @awscloud That's a great write-up @christophetd! We'd definitely expect to see more GetCallerIdentity activity in EKS environments. Calls using many unique IAM keys in a short time period could still be an interesting indicator (as always "it depends").
We get it, our TL's been a little #k8s heavy (sorry not sorry, it's #Kubecon!)
So let's get back to the basics for a sec. This article from @vac4n7 is a perfect primer for understanding authorization in @kubernetesio: https://t.co/qTV6ysiC7K #kubernetes #CloudNativeCon @KubeCon_
You're monitoring your @kubernetesio environment 👍
You've collected all the #k8s audit logs 👍
So what should you *actually* be looking for in 'em? 🤔
Resident #Kubernetes enthusiast @vac4n7 says 👀 out for these 3 events: https://t.co/7vfKB47Muv
At #KubeCon? Visit us at S11!
.@kubernetesio!
Lots of #infosec people are talking about it, and there's a big event next week (#Kubecon! We hope to see you there!); so what's the big deal and why should you be thinking about #k8s in your #secops strategy now?
@vac4n7's got 3 reasons: https://t.co/JRYnAJPNbx
@rakyll I’ve always thought it’d be super cool to have metrics that give you a sense for the responsiveness of the maintainers & the general friction to contribute. Mean time to first response, resolution, rate of merge vs. reject rate, frequency of releases, etc!
@bradgeesaman I accidentally included my cell phone in a reply to some marketing person a few months ago. Forgot it was in my signature… the spam calls since have been SO annoying!
These Kubernetes tabletop sessions with @petersilberman and me are going to be a lot of fun (and hopefully informative)! Excited that @bradgeesaman can join us for some extra /honk
This just in: @bradgeesaman will be joining the fray 8/25 & 9/1 for a little extra fun as your #Kubernetes "phone a friend" lifeline.
Still need to sign up? Here's that reg link https://t.co/qkbcoR3J0t cc @petersilberman @vac4n7 @kubernetesio
What’s your #SOC or #MDR’s defect trend over the course of the pandemic?
What do you mean they don’t track that? How then do they know if they’re getting better or worse?
So incredibly proud to work at @expel_io and with people like @jhencinski.
The Global Response Team at @expel_io is hiring! If you’re a passionate incident responder or looking to blend in some blue to your red team skills — we’d love to talk to you!
👇Senior D&R Analyst role details:👇
https://t.co/QtFkQy2SMu
@amrandazz So true. It took me a long time to figure that out. When you enjoy your work it’s hard to see the burn out until it hits you. Putting break times in my daily routine has helped with the new all remote norm even if it’s just a 10 minute walk!
NOT a #twitter hot take but a #mindmap for detection and response in #AWS from the team @expel_io
How to interpret 🤔:
- Based on #CloudTrail logs
- ATT&CK cloud matrix technique
- Mapped to AWS service(s)
- Mapped to common API calls we've seen used by #redteam and attackers
We often say that we want to develop critical thinking skills in ourselves and others. But, how do we recognize when someone has those skills? What does that look like? Three ideas... 1/
@ssimonsen0202 @expel_io @MSDefenderATP Our platform allows us to automate tasks like this natively. But Microsoft makes it easy to do - we’re using the Advanced Hunting API!
https://t.co/W7W8c29j0z
I get to work on a lot of cool things at @expel_io but some of the most rewarding stuff includes instrumenting products like @MSDefenderATP's hunting API to do investigation for us. For example: A file is detected by AV -> Did it run? The DeviceProcessEvents table has the answer!
Where else is this file in the environment? --> DeviceFileEvents
Did it communicate on the network? --> DeviceNetworkEvents
... TLDR; there's a lot of great context to be had if you know where to look!
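The pivot described in that thread, written out as one Advanced Hunting (KQL) query. This is an added example, not Expel's code and not a query published by Microsoft; it assumes only the documented schema of the DeviceProcessEvents, DeviceFileEvents and DeviceNetworkEvents tables, and the all-zero SHA256 is a placeholder to be replaced with the hash from the AV detection. It runs as-is in the Advanced Hunting UI or through the Advanced Hunting API mentioned above.

```kusto
// Added example: from an AV-detected file hash, answer three triage questions
// in one result set: did it run, where else is it, did it talk on the network.
// Placeholder hash (assumption): replace with the SHA256 from the AV alert.
let suspect_sha256 = "0000000000000000000000000000000000000000000000000000000000000000";
let lookback = 30d;
// 1. Did it run? Process creations whose image hash matches the detected file.
let executions =
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | where SHA256 == suspect_sha256
    | project Timestamp, DeviceName, AccountName, FileName, FolderPath,
              ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessCommandLine
    | extend Pivot = "executed";
// 2. Where else is it? File create/modify/rename/copy events carrying the same hash.
let prevalence =
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where SHA256 == suspect_sha256
    | project Timestamp, DeviceName, ActionType, FileName, FolderPath,
              InitiatingProcessFileName, InitiatingProcessCommandLine
    | extend Pivot = "on_disk";
// 3. Did it communicate? Connections whose initiating process has that hash.
let network =
    DeviceNetworkEvents
    | where Timestamp > ago(lookback)
    | where InitiatingProcessSHA256 == suspect_sha256
    | project Timestamp, DeviceName, ActionType, RemoteIP, RemotePort, RemoteUrl,
              InitiatingProcessFileName, InitiatingProcessCommandLine
    | extend Pivot = "network";
// Stitch the three views into one timeline; columns absent from a source are empty.
union executions, prevalence, network
| order by Timestamp asc
```

The `Pivot` column tags each row with the table it came from, so a single timeline shows whether the file merely landed on disk (`on_disk`), was actually started (`executed`), and what it reached out to (`network`). Replacing the final `order by` with `summarize count() by Pivot, DeviceName` turns the same query into a quick prevalence count per host.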
Since launching our 24x7x365 SOC as a service almost two years ago we’ve achieved:
✅ +90 net promoter score
✅ 95% analyst retention rate
How? 🤔
Habits. Seven, in fact — that we believe help us “SOC” the right way at @expel_io. #7dailyhabits
https://t.co/Cp4738BOyc