Do you disable alarms that have a lot of false positives, or do you condition your SOC team to just ignore them because they can still be potential IOCs?
Nov. 16, 2023, 10:28 a.m. | /u/whatamidoinghere009
cybersecurity www.reddit.com
Our infosec team has an app called Varonis which has all these monitoring rules in place.
I'm doing a 90-day audit of the alerts that come from this app. We've gotten ~2000 alerts in 90 days and not a single one seems to have been a real attack, unless we just suck and are currently pwned.
One specific monitoring rule is …