Overview
This course aims to help security professionals improve the effectiveness of their alerting systems by addressing common challenges such as noisy alerts and lack of industry standards. Participants will learn how to create actionable and maintainable alerts by implementing tools and processes like run-books, self-service alerts, and frequency monitoring. The course covers topics such as alert standardization, testing, reducing false positives, and measuring success. The intended audience for this course includes security team members looking to enhance their alerting capabilities and streamline incident response processes.
Syllabus
Introduction
Microservices
Security Pipeline
Common Pitfalls
No Standards
Yelp's Standards
Lack of Visibility
Actionability
Email Alerts
Email Events
Solutions
SLA
Actionable alerting service
Self-service alerts
Self-service alert example
Assigning ownership
Alert standardization
Testing
False Positives
Measuring Success
Recap
Taught by
Security BSides San Francisco