SIEM successful deployment to deliver visibility into your cyber security health



The following are three critical factors for any successful SIEM deployment that delivers real-time visibility into your cyber security health:

Log source selection – the data from your log sources is what gives you visibility of your whole IT estate in a single pane of glass.

Use cases or correlation rules – these are the rules that identify threats by correlating information from your log sources with threat intelligence. Example threat indicators: IoCs (Indicators of Compromise), TTPs (Tactics, Techniques and Procedures), MD5 hashes, filenames, IPs, domains, C2 servers, URLs, APTs, registry keys, file hashes, email addresses, email subjects, links and attachments. The aim is to identify the known knowns, the known unknowns and the unknown unknowns.

Breach and Attack Simulation – all too often, events that do make it to the SIEM don’t result in a notable or correlated event because of faulty configurations and problems with alerting, parsing, time stamping, routing and so on, meaning the likelihood of a human seeing and responding to the event is very low. It is therefore vital to test use cases via Red Team exercises and attack scenarios based on specific exploits.
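The two points above (correlation rules matching log data against threat intelligence, and validating that those rules actually fire) in one small worked example. This is an added illustration, not code from the original post: the key=value log format, the rule names, the IoC values (TEST-NET addresses, `.example` domains, a placeholder MD5) and the `misconfigured_parser` are all constructed. `validate_rules` replays one synthetic triggering event per rule through the real parser and correlation path, which is the cheap, repeatable version of the use-case testing the post calls for; the deliberately mis-mapped field name shows how a parsing problem silently turns a rule into a detection gap.

```python
"""Minimal SIEM-style IoC correlation plus rule validation.
Added example; all IoCs, log lines, rule names and formats are constructed."""
import re
from dataclasses import dataclass

# Constructed threat-intel feed, keyed by the IoC type a rule consumes.
THREAT_INTEL = {
    "ip": {"203.0.113.45", "198.51.100.7"},              # TEST-NET, constructed
    "domain": {"bad-c2.example", "malware-drop.example"},
    "md5": {"d41d8cd98f00b204e9800998ecf8427e"},       # placeholder hash
    "email_subject": {"Invoice overdue - action required"},
}

# Use cases: (rule name, IoC type to match against, event field to read).
RULES = [
    ("fw_outbound_to_known_c2", "ip", "dst_ip"),
    ("dns_query_to_malicious_domain", "domain", "query"),
    ("endpoint_known_malware_hash", "md5", "md5"),
    ("phishing_subject_match", "email_subject", "subject"),
]

# Constructed sample log lines in a simple key=value format.
SAMPLE_LOGS = [
    'ts=2024-01-01T10:00:00Z src=fw dst_ip=203.0.113.45 action=allow',
    'ts=2024-01-01T10:00:01Z src=dns query=bad-c2.example rcode=NOERROR',
    'ts=2024-01-01T10:00:02Z src=edr host=ws01 md5=d41d8cd98f00b204e9800998ecf8427e',
    'ts=2024-01-01T10:00:03Z src=mail subject="Invoice overdue - action required" from=x@example.com',
    'ts=2024-01-01T10:00:04Z src=fw dst_ip=192.0.2.10 action=allow',   # benign
]


@dataclass
class Alert:
    rule: str
    ioc_type: str
    ioc: str
    event: dict


KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Parse one key=value line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def misconfigured_parser(line: str) -> dict:
    """Same parser, but with a field-name mismatch (dst_ip renamed to dest_ip),
    the kind of parsing fault that stops a rule from ever matching."""
    ev = parse_event(line)
    if "dst_ip" in ev:
        ev["dest_ip"] = ev.pop("dst_ip")
    return ev


def correlate(events, intel=THREAT_INTEL, rules=RULES):
    """Match each event's rule-relevant field against the IoC set, case-insensitively."""
    norm = {t: {v.lower() for v in vals} for t, vals in intel.items()}
    alerts = []
    for ev in events:
        for rule, ioc_type, field_name in rules:
            value = ev.get(field_name)
            if value is not None and value.lower() in norm[ioc_type]:
                alerts.append(Alert(rule, ioc_type, value, ev))
    return alerts


def validate_rules(parser=parse_event, rules=RULES, intel=THREAT_INTEL):
    """For every rule, build one synthetic event that must trigger it, push it
    through the parser and correlation path, and record whether it fired.
    A False entry is a detection gap to investigate (parsing, mapping, feed)."""
    results = {}
    for rule, ioc_type, field_name in rules:
        ioc = sorted(intel[ioc_type])[0]
        line = f'{field_name}="{ioc}" synthetic="true"'
        alerts = correlate([parser(line)], intel, rules)
        results[rule] = any(a.rule == rule for a in alerts)
    return results


if __name__ == "__main__":
    for a in correlate([parse_event(l) for l in SAMPLE_LOGS]):
        print(f"ALERT {a.rule}: {a.ioc_type}={a.ioc}")
    print("healthy parser:", validate_rules())
    print("misconfigured parser:", validate_rules(parser=misconfigured_parser))
```

Running the validation on a schedule (and after every parser or feed change) turns "do our use cases still work?" into a yes/no per rule, which is the minimum a SOC needs before trusting that a quiet SIEM means a quiet network.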
