%term

The latest News and Information on Security Incident and Event Management.

Understanding AWS Cloud Security

Apr 22, 2025 By Jeff Darrington In Graylog

When Amazon Web Services (AWS) initially launched in 2006, it offered the first compute, storage, and database cloud service that developers could build on. Over time, AWS became a fundamental cloud service provider as organizations started migrating to the cloud. As one of the three primary cloud services providers, AWS remains integral to most businesses.

Read Post

Graylog

Read more about Understanding AWS Cloud Security

Using LimaCharlie as an Observability Pipeline to reduce SIEM storage costs

Apr 18, 2025 By LimaCharlie In LimaCharlie

LimaCharlie's SecOps Cloud Platform (SCP) creates a scalable, versatile, and actionable observability pipeline by collecting and standardizing telemetry from the full security stack. Stream data from any input, route it to any output. The SCP provides visibility into telemetry sources and empowers users to create automated responses to actionable events in the pipeline.

View Video

LimaCharlie

Read more about Using LimaCharlie as an Observability Pipeline to reduce SIEM storage costs

Strengthening cyber resilience with Elastic Security and Observability

Apr 18, 2025 By Ravi Ramnani In Elastic

A guide to aligning with SEBI’s CSCRF using Elastic's integrated security and observability capabilities Financial institutions in India are preparing for a new era of cybersecurity compliance with the Securities and Exchange Board of India’s (SEBI) Cybersecurity and Cyber Resilience Framework (CSCRF).

Read Post

Elastic

Read more about Strengthening cyber resilience with Elastic Security and Observability

Hunting with Elastic Security: Detecting command and scripting interpreter execution

Apr 17, 2025 By Justin Higdon In Elastic

Stealthy adversaries continually exploit system utilities to execute malicious code. A particularly potent and frequently misused tactic is MITRE ATT&CK T1059 - Command and Scripting Interpreter, wherein attackers harness built-in interpreters like PowerShell, Bash, Python, or JavaScript to run arbitrary commands.

Read Post

Elastic

Read more about Hunting with Elastic Security: Detecting command and scripting interpreter execution

Empowering US federal AI initiatives: How Elastic helps agencies comply with M-25-21 and M-25-22

Apr 16, 2025 By Eric Cobb, In Elastic

A practical guide for chief AI officers and technology leaders implementing federal AI governance The US Office of Management and Budget's recent memoranda — M-25-21, "Accelerating Federal Use of AI through Innovation, Governance, and Public Trust," and M-25-22, "Driving Efficient Acquisition of Artificial Intelligence in Government" — establish comprehensive frameworks for federal agencies that implement AI systems while maintaining appropriate safeguards.

Read Post

Elastic

Read more about Empowering US federal AI initiatives: How Elastic helps agencies comply with M-25-21 and M-25-22

CMMC Compliance Automation in the SIEM

Apr 15, 2025 By UTMStack In UTMStack

In this video, I walk you through the essentials of UTMStack compliance automation, specifically focusing on CMMC compliance. I explain how to navigate the compliance menu and ensure the correct framework is selected. I also highlight the automatic evaluation of controls and the options available for exporting reports. Please make sure to review the controls and provide any necessary evidence if the system indicates non-compliance.

View Video

UTMStack

Read more about CMMC Compliance Automation in the SIEM

Managing False Positives and Alert Fatigue in SIEM

Apr 15, 2025 By UTMStack In UTMStack

In this video, I walk you through the process of managing false positives in the UTMSatck platform. We often encounter numerous false positives when starting with a new SIEM, which can lead to confusion and unnecessary alerts. I demonstrate how to tag these false positives effectively and filter them out to streamline our alert system. Please make sure to implement the tagging rules I discussed to help reduce noise in your SOC team's workflow.

View Video

UTMStack

Read more about Managing False Positives and Alert Fatigue in SIEM

Creating Custom Dashboards in UTMStack

Apr 15, 2025 By UTMStack In UTMStack

In this video, I walk you through the process of creating custom dashboards and visualizations in UTMStack SIEM. I demonstrate how to build various types of visualizations, such as pie charts and bar charts, to effectively display alert data. I also highlight the importance of adding filters for better data management and how to set up auto-refresh for real-time monitoring. Please make sure to follow along and try creating your own dashboards as we go through the steps together!

View Video

UTMStack

Read more about Creating Custom Dashboards in UTMStack

Elastic Security simplifies customization of prebuilt SIEM detection rules

Apr 15, 2025 By Kseniia Ignatovych In Elastic

Customizing and updating prebuilt SIEM detection rules just got easier, improving precision, enabling broader coverage, and saving time. Customizing and updating prebuilt detection rules is now easier than ever with Elastic Security. We’ve streamlined detection engineering workflows and enabled greater use case coverage with out-of-the-box SIEM detection rules.

Read Post

Elastic

Read more about Elastic Security simplifies customization of prebuilt SIEM detection rules

Strategies for accelerating a successful log migration

Apr 14, 2025 By Nicholas Thomson In Datadog

Log management becomes more challenging as both log volume and diversity rapidly grow. Yet many companies still rely on legacy log management and SIEM solutions that aren’t designed to cost-effectively or securely handle the large scale of logs today coming from sources both in the cloud and on premises.

Read Post