%term

The latest News and Information on Security Incident and Event Management.

Elastic Security | AI Assistant Demo

Apr 11, 2024 By Elastic In Elastic

Elastic AI Assistant can provide real-time, personalized alert insights — empowering security teams to stay one step ahead in the ever-evolving threat landscape. With the power of large language models (LLMs), the AI Assistant can process multiple alerts simultaneously, offering an unprecedented level of insight and customization. You can interact with your data by asking complex questions and receiving context-aware responses tailored to your needs. Watch this demo from James Spiteri, Director of Product Management at Elastic to see what's new in the Elastic AI Assistant in Elastic Security 8.12.

View Video

Elastic

Read more about Elastic Security | AI Assistant Demo

Three Ways To Remove Complexity in TDIR

Apr 11, 2024 By The Graylog Team In Graylog

Gartner identified security technology convergence as one of the key trends both in 2022 and 2023 as a necessity to remove complexity in the industry. Especially for Threat Detection and Incident Response (TDIR), simplification continues to resonate with cyber teams overwhelmed by too many tools and the continuous cutting and pasting from one tool to another.

Read Post

Graylog

Read more about Three Ways To Remove Complexity in TDIR

The Ultimate Guide to Sigma Rules

Apr 9, 2024 By Jeff Darrington In Graylog

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Read Post

Graylog

Read more about The Ultimate Guide to Sigma Rules

Tracing history: The generative AI revolution in SIEM

Apr 9, 2024 By Mike Nichols, In Elastic

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.

Read Post

Elastic

Read more about Tracing history: The generative AI revolution in SIEM

AT&T DDoS Portal Contacts Management Video

Apr 8, 2024 By LevelBlue In LevelBlue

In this video, you'll learn about AT&T DDoS Defense Service contact management and how the company administrator adds a new contact. Contacts are notified in the event of a DDoS attack. So it's important to keep the contacts list up to date and accurate.

View Video

LevelBlue

Read more about AT&T DDoS Portal Contacts Management Video

5 reasons why observability and security work well together

Apr 8, 2024 By Jennifer Ellard, In Elastic

Site reliability engineers (SREs) and security analysts — despite having very different roles — share a lot of the same goals. They both employ proactive monitoring and incident response strategies to identify and address potential issues before they become service impacting. They also both prioritize organizational stability and resilience, aiming to minimize downtime and disruptions.

Read Post

Elastic

Read more about 5 reasons why observability and security work well together

AT&T DDoS Defense Portal Email Alert Video

Apr 8, 2024 By LevelBlue In LevelBlue

In this video, you'll learn about AT&T DDoS Defense Service Alert Emails. We'll also give you an overview of the investigation process. For any high severity alerts, which are caused by traffic exceeding thresholds in protected zones, the DDoS Defense Service sends an alert email to your contacts. At the same time, a ticket is created for the AT&T Threat Management Team to investigate the alert.

View Video

LevelBlue

Read more about AT&T DDoS Defense Portal Email Alert Video

Graylog and SOC Prime Form Exclusive Partnership to Make Threat Detection and Response More Effective and Efficient

Apr 3, 2024 By Graylog In Graylog

Collaboration significantly enhances enterprise cybersecurity posture within hours.

Read Post

Graylog

Read more about Graylog and SOC Prime Form Exclusive Partnership to Make Threat Detection and Response More Effective and Efficient

Does Your SIEM Offer Enough Flexibility? Questions to Ask

Apr 2, 2024 By Devo In Devo

When evaluating a SIEM, two key factors stand out: flexibility in data handling and open architecture. These two elements significantly enhance a platform’s efficiency and adaptability in managing cybersecurity threats. Whether you’re evaluating your current SIEM or looking for a more modern solution, here are five questions to ask to gauge its flexibility.

Read Post

Devo

Read more about Does Your SIEM Offer Enough Flexibility? Questions to Ask

Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

Apr 1, 2024 By Anton Ovrutsky In Sumo Logic

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.

Read Post