Carbon Filter: Real-time Alert Triage Using Large Scale Clustering and Fast Search
May 9, 2024, 4:11 a.m. | Jonathan Oliver, Raghav Batta, Adam Bates, Muhammad Adil Inam, Shelly Mehta, Shugao Xia
cs.CR updates on arXiv.org arxiv.org
Abstract: "Alert fatigue" is one of the biggest challenges faced by the Security Operations Center (SOC) today, with analysts spending more than half of their time reviewing false alerts. Endpoint detection products raise alerts by pattern matching on event telemetry against behavioral rules that describe potentially malicious behavior, but can suffer from high false positives that distract from actual attacks. While alert triage techniques based on data provenance may show promise, these techniques can take over …