Learn how to enhance your Security Information and Event Management (SIEM) system's effectiveness through improved notifications and situational awareness. This conference talk explores techniques for creating more intelligent and context-aware SIEM alerts. Discover how to incorporate additional data sources, implement scoring mechanisms, and leverage asset databases to prioritize and enrich notifications. Gain insights into practical examples and understand the inner workings of SIEMs to optimize your security monitoring capabilities.
Overview
Syllabus
Intro
Notables
Scores
First Example
Additional Data Sources
Score Modification
Web Server
Asset Database
Examples
Example 3 More Fun
How SIEMs Work
QA Time
