Purple Team Strategies by David Routin, Simon Thoores, and Samuel Rossier
Author: David Routin, Simon Thoores, and Samuel Rossier
Language: eng
Format: epub
Publisher: Packt Publishing Ltd.
Published: 2022-05-19T00:00:00+00:00
This is not intended to be an exhaustive list of criteria, but only some of the questions and features that may impact our organization's collection and correlation capabilities.
Tips and Tricks
Handling a large volume of AV/EDR alerts can be done using multiple approaches. The first relies on analysis of the events already generated, using attributes such as severity level, threat type, and whether the threat was blocked or not. For example, we may want to generate an alert for each High severity event or Sigma rule match (the pattern approach); before doing so, we should review and assess the volume of alerts this would produce. Another approach, described in the next chapter (in the SIEM section), is based on both aggregation (counting distinct alerts over 24 hours by host) and frequency detection (for example, a malicious program was removed but the same threat came back the next day). So, the best way to alert on and triage AV/EDR events is to combine pattern matching with a statistical approach.
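The combined triage described above, as an added example that is not from the book: the pattern rule (High severity or Sigma match), the 24-hour per-host aggregation, and the recurrence check run over a small set of constructed EDR events. Field names, thresholds and sample values are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample EDR detections (not real telemetry); field names are assumed.
EVENTS = [
    {"ts": "2022-05-01T09:00:00", "host": "WS01", "severity": "High", "threat": "Trojan.A", "action": "blocked", "sigma": False},
    {"ts": "2022-05-01T09:05:00", "host": "WS02", "severity": "Low", "threat": "PUA.Tool", "action": "blocked", "sigma": False},
    {"ts": "2022-05-01T10:00:00", "host": "WS02", "severity": "Medium", "threat": "Hack.Mimi", "action": "removed", "sigma": True},
    {"ts": "2022-05-01T11:00:00", "host": "WS03", "severity": "Low", "threat": "PUA.Tool", "action": "blocked", "sigma": False},
    {"ts": "2022-05-01T12:00:00", "host": "WS03", "severity": "Low", "threat": "PUA.Bar", "action": "blocked", "sigma": False},
    {"ts": "2022-05-01T13:00:00", "host": "WS03", "severity": "Low", "threat": "PUA.Baz", "action": "blocked", "sigma": False},
    {"ts": "2022-05-02T10:30:00", "host": "WS02", "severity": "Medium", "threat": "Hack.Mimi", "action": "removed", "sigma": False},
]

def pattern_alerts(events):
    """Pattern approach: every High severity event or Sigma rule match becomes an alert."""
    return [e for e in events if e["severity"] == "High" or e["sigma"]]

def aggregation_alerts(events, window=timedelta(hours=24), threshold=3):
    """Aggregation: hosts that reach `threshold` distinct threats inside any 24h window."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), e["threat"]))
    noisy = set()
    for host, items in by_host.items():
        items.sort()  # chronological, so the window can slide from each start point
        for i, (start, _) in enumerate(items):
            distinct = {t for ts, t in items[i:] if ts - start <= window}
            if len(distinct) >= threshold:
                noisy.add(host)
                break
    return sorted(noisy)

def recurrence_alerts(events):
    """Frequency detection: a threat removed on a host that is seen again on a later day."""
    first_removed = {}  # (host, threat) -> date of the first removal
    recurring = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        key, day = (e["host"], e["threat"]), e["ts"][:10]
        if key in first_removed and day > first_removed[key]:
            recurring.add(key)
        elif e["action"] == "removed" and key not in first_removed:
            first_removed[key] = day
    return sorted(recurring)

def triage(events):
    """Combine the pattern rule with both statistical checks into one triage result."""
    return {
        "pattern": [(e["host"], e["threat"]) for e in pattern_alerts(events)],
        "noisy_hosts": aggregation_alerts(events),
        "recurring": recurrence_alerts(events),
    }
```

On the sample data, WS03 trips the aggregation threshold with three distinct PUA detections in two hours, while the repeated Hack.Mimi removal on WS02 is caught only by the recurrence check, not by the pattern rule.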