Do you disable alarms that have a lot of false positives or do you condition your SOC team to just ignore them because they can still be potential IOCs?
Our infosec team has an app called Varonis which has all these monitoring rules in place.
I'm doing a 90-day audit of the alerts that come from this app. We've gotten ~2000 alerts in 90 days and not a single one seems to have been a real attack, unless we just suck and are currently pwned.
One specific monitoring rule is …