all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Do you disable alarms that have a lot of false positives or do you condition your soc team to just ignore them because they can still be potential IOCs?

Add to bookmarks
Nov. 16, 2023, 10:28 a.m. | /u/whatamidoinghere009

cybersecurity www.reddit.com

I'm a soc analyst and I've been tasked with reporting on the alerts our soc team is receiving.

Our infosec team has an app called varonis which has all these monitoring rules in place.

I'm doing a 90 day audit of the alerts that come from this app. We've gotten ~2000 alerts in 90 days and not a single one seems to have been a real attack unless we just suck and are currently pwned.

One specific monitoring rule is …

alarms alerts analyst app called cybersecurity false positives infosec iocs lot monitoring reporting soc soc analyst team varonis

Visit resource

More from www.reddit.com / cybersecurity

Got a job as a Information Security Engineer; any book recs? 12 hours ago | www.reddit.com
book books ccsp certification +13
Any CCISO holders that can offer insight into the exam? 13 hours ago | www.reddit.com
admin can compliance council +18
Penetration testing report 13 hours ago | www.reddit.com
app cybersecurity penetration penetration testing +2
UCF wins the National Collegiate Cyber Defense Competition 14 hours ago | www.reddit.com
competition cyber cyber defense cybersecurity +4
Composition of roles in a security team 16 hours ago | www.reddit.com
cybersecurity endpoint grc interest +12
What are your top 5 questions to ask before hiring a Managed Security Service Provider … 18 hours ago | www.reddit.com
alignment ask capabilities communication +22
How much knowledge do you guys know about the industry that you work in? 19 hours ago | www.reddit.com
banking cybersecurity etc gas +8
Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 21 hours ago | www.reddit.com
attack attacks campaign cisco +7
Any Fortune 100 company go all in on Microsoft E5 Security Suite? 1 day, 7 hours ago | www.reddit.com
all in cybersecurity defender defenders +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs