SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying on IOCs …
SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying on IOCs …
This quick-read will show that by understanding what's present on the network, how hosts behave, and what's typical for your organization, one can correlate weak signals through a time-based analysis of logs to detect anomalies inside your network.
Zeek can give you so much insight into what's going on in your network, but it can feel like drinking from the firehose - dozens of files full of terse log entries, and no easy way to cross-reference...
