Articles tagged with: #siem
BTL1 vs CJDE - Which one should I take to upskill as a SOC Engineer? Any other certs worth considering?

cybersecurity www.reddit.com

Hey everyone, I recently started my first job as a SOC Engineer - in my country, they accept entry-level candidates for cybersecurity roles, so I was lucky enough to get in early. My current focus at work is mainly on the detection side - fine-tuning and creating detection rules for our SIEM. Now, my company is sponsoring me for a certification, and I'm currently torn between BTL1 and the newly released CJDE. I want to use this opportunity to upskill and strengthen my SOC engineering...

Does Falcon Sensor send all Windows event logs to NG-SIEM, or do we need a separate Windows connector?

CrowdStrike www.reddit.com

Hi all, we have a customer who wants to ingest all Windows Server events into CrowdStrike NG-SIEM (about 100 GB/day, 180-day retention) and later retrieve the logs for audit. If we install only the Falcon Sensor, will it forward all Windows event logs (Security, System, Application, etc.) to NG-SIEM? Or do we still need to set up a Windows connector / Falcon LogScale Collector / WEF-WEC to get those logs in? The customer doesn't want a separate log collector on their production server, so we're...

Threat Hunting tools

cybersecurity www.reddit.com

I am a SOC Manager looking to purchase tools that can assist our team with Threat Hunting. Other than EDR and SIEM, is there anything else anyone is using that they find valuable? submitted by /u/Powerful_Film_9409

Is the SOC tech stack missing a management layer between the SIEM and SOAR?

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

I've been thinking a lot about where the SOC tech stack is headed, especially with all the noise around "AI-powered SOCs." Here's my current hypothesis, and I'd love to hear others' thoughts: Most SOCs today are fragmented. Alerts live in the SIEM. Automations live in the SOAR. Incidents live in Jira or ServiceNow. Knowledge lives in wikis or docs. That fragmentation kills context and consistency, which are the exact ingredients AI and automation need to actually perform well. I believe the next...

SSL C2 bypassing EDR - Demo of SIEM detection + Detection as Code deployment

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hey everyone, I put together a video showing something I think many blue teams deal with: encrypted C2 traffic sailing right past EDR. In the demo, I run an SSL C2 connection that the EDR completely misses, then show how to detect it using SIEM. The second half covers building a detection rule and pushing it to the SIEM via a Detection-as-Code pipeline. What's covered:
Using indicators in SIEM to spot the C2 sample
Writing the detection logic
Automating rule deployment with a DaC pipeline...

Help with Falcon Survivor CTF

CrowdStrike www.reddit.com

Tomorrow I have the NG-SIEM Survivor CTF in my office. I was wondering if anyone has done it before and has some tips to share? I haven't been able to find anything online, and sadly I don't have much experience with NG-SIEM, but I would love to at least give it a good try... submitted by /u/Blackhawk2772

Bridging the Remediation Gap: Introducing Pentera Resolve

The Hacker News thehackernews.com

From Detection to Resolution: Why the Gap Persists
A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context. What's missing is a system of action. How do you transition from the

CCSE - SIEM Engineer, the latest certification path in CrowdStrike.

CrowdStrike www.reddit.com

How good is it? Has anyone already done it? I wanted to learn how well recognised it is in the industry. Most of the CrowdStrike courses or certifications seem to be super expensive, but have good quality, though there are many alternative sources available (alternatives: Splunk, Microsoft Sentinel, Fortinet). Help me get some clarity. submitted by /u/Gloomy_Leek9666

Question about CS MDR

CrowdStrike www.reddit.com

I recently talked to CrowdStrike about unifying SIEM + EDR + MDR under their platform. I was honestly shocked to learn just how much response they're capable of, like removing registry keys or taking other remediation actions per endpoint, based on your policy. When I asked how often they can run an incident to completion without my team's involvement, they said something along the lines of "nearly every time." For those of you who are fully onboard (or have been) with the full CrowdStrike stack:...

Question about CS MDR

cybersecurity www.reddit.com

I recently talked to CrowdStrike about unifying SIEM + EDR + MDR under their platform. I was honestly shocked to learn just how much response they're capable of, like removing registry keys or taking other remediation actions per endpoint, based on your policy. When I asked how often they can run an incident to completion without my team's involvement, they said something along the lines of "nearly every time." For those of you who are fully onboard (or have been) with the full CrowdStrike stack:...

AI in SOCs sounds cool... until your data lets you down 🤖

cybersecurity www.reddit.com

Stumbled upon a piece on how AI is supposed to "transform" SOCs - faster detections, smarter hunts, etc. But here's the real deal: if your data's trash, your "AI-driven" alerts are just loud noise. They point out that sandbox-level behaviour (network traffic, process trees, registry changes) is way better input than vanilla SIEM logs. And yeah, tools like VMRay show up as examples of that kind of high-fidelity feed. Bottom line: AI won't fix broken telemetry or missing context. It just...

CrowdStrike NG SIEM Alert - "Generic - Network - LDAP Traffic to the Internet" (Need Insight)

cybersecurity www.reddit.com

Hey everyone, I'm seeing a recurring "Generic - Network - LDAP Traffic to the Internet" detection in CrowdStrike NG SIEM, coming from our Palo Alto NGFW logs. Here are the key details:
Detection Type: Correlation Rule Detection
Severity: High
Tactic: Initial Access
Technique: Exploit Public-Facing Application
Log Source: Palo Alto NGFW
Source Host: Internal application server
Rule Name: Generic - Network - LDAP Traffic to the Internet
We don't allow outbound LDAP traffic by policy, so...

CrowdStrike NG SIEM Alert - "Generic - Network - LDAP Traffic to the Internet" (Need Insight)

CrowdStrike www.reddit.com

I'm seeing a recurring "Generic - Network - LDAP Traffic to the Internet" detection in CrowdStrike NG SIEM, coming from our Palo Alto NGFW logs. Here are the key details:
Detection Type: Correlation Rule Detection
Severity: High
Tactic: Initial Access
Technique: Exploit Public-Facing Application
Log Source: Palo Alto NGFW
Source Host: Internal application server
Rule Name: Generic - Network - LDAP Traffic to the Internet
We don't allow outbound LDAP traffic by policy, so this alert is...

False Positives

cybersecurity www.reddit.com

For those of you working in incident response and SOC roles, what percentage of alerts would you say are false positives? I've been in my current role for about a year now, and 100% of the SIEM alerts we've had are false positives, and we get almost 10 each day. Usually these alerts get generated after someone from IT does an administrative task, and it involves either me investigating myself or another team member, which feels like 2 steps forward, 1 step back in terms of productivity. Everything we do...

Looking for career progression advice

cybersecurity www.reddit.com

Hello folks, like the title says, I am looking for some advice. I am currently working as a security consultant for a small MSP that gives freedom to study and skill up, and my career development talk is going to happen soon. What career path/education would you suggest, in your experience, for a person with 4-6 yrs of experience in SIEM, EDR and DLP solutions? I don't really have much experience in firewalls or networking. I am kinda being seen as the go-to SIEM guy but do wish to broaden my...

CrowdStrike events issue

CrowdStrike www.reddit.com

Hey, I am currently working on DNIF SIEM, where we receive events from CrowdStrike such as detectionsummaryevent, DNS request in a detection summary event, document access in a detection summary event, etc. But suddenly we stopped receiving these events in our SIEM. However, we are receiving scheduledreport and authentication-related events. When we checked with the CS team, they have everything configured correctly to forward. What might be the issue? It will be very helpful if someone helps in resolving...

Elastic Search Query Generator

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

A buddy and I work in an MSSP SOC that uses Elastic SIEM and noticed that AI tools were lagging a bit in generating decent queries. We pulled together a query generator using an AI agent and LLM, and fed it some training docs. Would be interested to see what everyone thinks - we might add more training docs to support other tools if people are interested. https://querylab.prediciv.com/ submitted by /u/rob_ed28

Host SIEM or Managed SIEM

cybersecurity www.reddit.com

Hi all, we're looking for a Managed SIEM/SOC. We're heavily Microsoft based, and Sentinel makes a lot of sense. However, I'm a bit concerned about us hosting Sentinel ourselves in our Azure tenant in order to take advantage of the E5 discounts. If our Global Admin accounts are compromised, an attacker could just delete the instance? Alternatively, we could look at the managed security provider hosting the SIEM themselves. It doesn't have to be Sentinel. Maybe it's just that there are always pros and cons,...