Do you disable alarms that have a lot of false positives or do you condition your SOC team to just ignore them because they can still be potential IOCs?
Nov. 16, 2023, 10:28 a.m. | /u/whatamidoinghere009
cybersecurity www.reddit.com
Our infosec team has an app called Varonis, which has all these monitoring rules in place.
I'm doing a 90-day audit of the alerts that come from this app. We've gotten ~2000 alerts in 90 days and not a single one seems to have been a real attack unless we just suck and are currently pwned.
One specific monitoring rule is …