The hottest Alerts Substack posts right now

And their main takeaways
Detection at Scale 119 implied HN points 01 Apr 24
  1. Correlation rules in SIEM define relationships between malicious behaviors and entities, helping in effective security monitoring and alert generation.
  2. Correlations can be simple, focusing on one technique like Brute Force, or complex, combining multiple techniques and tactics across various log sources for higher-fidelity alerts.
  3. Understanding the layers of SIEM correlation, from basic rule creation to more advanced chaining of techniques, is essential for effective cybersecurity defense.
Metacurity 19 implied HN points 08 Feb 24
  1. Chinese hacking group Volt Typhoon has been living in critical networks of some industries in the US for at least five years.
  2. Ransomware payments topped $1.1 billion in 2023, nearly doubling from the previous year, due to a surge in attacks.
  3. UN investigates 58 suspected cyberattacks by North Korea totaling $3 billion to fund its nuclear weapons program.
Detection at Scale 39 implied HN points 25 Jul 22
  1. Analyzing security data effectively involves identifying and flagging bad behaviors near high-risk assets.
  2. Writing rules based on observed attacker techniques and behaviors allows for a clear path to action in response to detected threats.
  3. Testing rules through phases like unit testing, backtesting, staging, and production helps refine and ensure alert accuracy before implementation.
Technically 0 implied HN points 06 Mar 24
  1. Observability helps teams monitor when things go wrong and profile how things change over time in different software systems.
  2. Observability can be divided into 4 major types: infrastructure, application, data, and business observability, each requiring different tools and teams for monitoring.
  3. Business observability focuses on monitoring how metrics are trending, important events, and providing proactive alerts to make better decisions.
Detection at Scale 0 implied HN points 26 Sep 22
  1. Start with high-quality log data to effectively protect what you can see and establish a reliable source during incidents.
  2. Detection teams are adopting software engineering practices to enhance scale and efficiency, promoting continuous improvement and collaboration.
  3. Automated response in security operations is crucial to reduce human error, focus on critical tasks, and evolve from reactive to proactive detection and response.