Security Incident and Event Management platforms are one of the most important tools in a security team's arsenal. They are also one of the most expensive and time consuming tools in that same toolbox. For a fledging security team, a SIEM may seem like one of the first project to undertake (if you have your … Continue reading SIEM Use Cases: Defining ‘Why’
Initial Security Onion Problems
I have been working on implementing Security Onion in a production environment. The two major problems that have given me headaches so far is storage on the sensor nodes, and internal networking. Networking Problem Security Onion uses docker to create and manage different aspects of itself. Below is a good image of the different containers … Continue reading Initial Security Onion Problems
Demisto Playbooks
I have been doing a lot of work on playbook design and automation recently, and stumbled upon some really great work by Demisto, a security automation platform. I haven't been able to experiment with the product, so can't say how good I feel it is. The playbook blog they run, though, is very helpful! For … Continue reading Demisto Playbooks
Guided Security 