Implementing MITRE ATT&CK into a SOC

  • date added 28. 08. 2024

Comments • 8

  • @JP-wd1yo
    @JP-wd1yo 3 years ago +4

    8:56 I like how there is a green screen of chicken wings behind you and nobody questions it in the comment section

  • @alexanderbrill1
    @alexanderbrill1 3 years ago +1

    Do you have the XML for that dashboard you made?

  • @user-ry2eo6nw6i
    @user-ry2eo6nw6i 3 years ago

    Hi, can you help me?

  • @youbecks5647
    @youbecks5647 3 years ago

    Splunk is not a SIEM, it is a big data tool.

    • @amyheng4892
      @amyheng4892 3 years ago +5

      Splunk enterprise security is a SIEM, built on a data platform.

    • @christopherharazinski5644
      @christopherharazinski5644 3 years ago

      @amyheng4892 you are largely correct, but that depends on your definition of a SIEM. Enterprise Security (ES) has extensions towards Threat Intel, UBA, automation, and incident response, which makes the platform more valuable in comparison to the traditional Gartner definition of SIEM products. Imagine best security practices in a box, productized in the form of interactive dashboards with several frameworks - that's your ES.