
Baselines 101: Building Resilient, Frictionless SIEM Detections

How to leverage an enterprise's circadian window to spot unusual activity and potentially uncover cyber threats.

Alex Teixeira
Detect FYI


If you landed here expecting to read about another fancy, supervised (label-dependent) machine learning algorithm, I'm sorry to disappoint you! You can head straight here and help yourself.

My goal is to help and inspire product teams and fellow practitioners to start using baselines in their SIEM/XDR platforms while keeping it simple.

Franz Halberg coined the term “circadian” (from Latin: circa diem, meaning “around a day”).

For those who have followed this blog long enough, you know that I'm a huge fan of using data analytics as input for threat detection:

So in case you haven’t realized yet, let’s make it crystal clear:

To successfully engage SOC and IR teams, an alert must contain easily digestible behavioral insights originating not from one
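As an added illustration of the kind of simple, label-free baseline the post advocates (this is example code, not code from the original article or from any SIEM/XDR product), the script below builds a per-user "circadian window" from a history of logon events and flags new events that fall outside it. All events are constructed inline; the thresholds `MIN_DAYS` and `MIN_HOUR_COUNT`, the function names, and the alert fields are assumptions chosen for the example. Note two frictionless-by-design choices: a user with too little history is never alerted on, and every alert carries the behavioral context (usual window, how many days and events the baseline rests on) that an analyst needs to judge it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the article): require a week of history
# before judging a user, and treat an hour as "usual" once seen this often.
MIN_DAYS = 7
MIN_HOUR_COUNT = 3

# Constructed sample telemetry: (timestamp, user, source host). Not real data.
BASELINE_EVENTS = []
for day in range(14):
    d = datetime(2024, 3, 1) + timedelta(days=day)
    for hour in (8, 9, 12, 15, 17):          # alice keeps office hours
        BASELINE_EVENTS.append((d.replace(hour=hour), "alice", "wks-01"))
    for hour in (22, 23, 0, 1):              # bob works a night shift
        BASELINE_EVENTS.append((d.replace(hour=hour), "bob", "wks-02"))
for day in range(2):                         # carol has only two days of history
    d = datetime(2024, 3, 13) + timedelta(days=day)
    BASELINE_EVENTS.append((d.replace(hour=10), "carol", "wks-03"))

NEW_EVENTS = [
    (datetime(2024, 3, 15, 3, 12), "alice", "wks-01"),   # 03:12, outside alice's window
    (datetime(2024, 3, 15, 9, 5), "alice", "wks-01"),    # normal for alice
    (datetime(2024, 3, 15, 23, 40), "bob", "wks-02"),    # normal for bob's night shift
    (datetime(2024, 3, 15, 3, 0), "carol", "wks-03"),    # odd hour, but not enough history
]


def build_baseline(events):
    """Per user: how often each hour of the day was seen, and on how many distinct days."""
    base = defaultdict(lambda: {"hours": defaultdict(int), "days": set()})
    for ts, user, _src in events:
        base[user]["hours"][ts.hour] += 1
        base[user]["days"].add(ts.date())
    return base


def usual_hours(profile):
    """The user's circadian window: hours seen at least MIN_HOUR_COUNT times."""
    return {h for h, c in profile["hours"].items() if c >= MIN_HOUR_COUNT}


def describe_window(hours):
    """Render a set of hours as contiguous ranges, e.g. {8, 9, 12} -> '08-09,12'."""
    ranges, start, prev = [], None, None
    for h in sorted(hours):
        if start is None:
            start = prev = h
        elif h == prev + 1:
            prev = h
        else:
            ranges.append((start, prev))
            start = prev = h
    if start is not None:
        ranges.append((start, prev))
    return ",".join(f"{a:02d}" if a == b else f"{a:02d}-{b:02d}" for a, b in ranges)


def evaluate(event, baseline):
    """Return an alert dict for an out-of-window event, or None when it is expected."""
    ts, user, src = event
    profile = baseline.get(user)
    if profile is None or len(profile["days"]) < MIN_DAYS:
        return None  # too little history: stay quiet rather than generate noise
    hours = usual_hours(profile)
    if ts.hour in hours:
        return None
    # The alert carries the behavioral insight an analyst needs, not just a hit.
    return {
        "user": user,
        "src": src,
        "observed": ts.isoformat(timespec="minutes"),
        "usual_window": describe_window(hours),
        "baseline_days": len(profile["days"]),
        "baseline_events": sum(profile["hours"].values()),
    }


def run(new_events, baseline_events):
    """Build the baseline once, then score every new event against it."""
    baseline = build_baseline(baseline_events)
    return [a for a in (evaluate(e, baseline) for e in new_events) if a]


if __name__ == "__main__":
    for alert in run(NEW_EVENTS, BASELINE_EVENTS):
        print(alert)
```

Running it yields a single alert, for alice's 03:12 logon, stating that her usual window is 08-09,12,15,17 over 14 baseline days; bob's 23:40 event and carol's 03:00 event produce nothing, the former because it sits inside his night-shift window and the latter because two days of history is below the assumed minimum. In a real SIEM the same shape maps onto a scheduled search that materializes the per-user hour counts into a lookup and a second search that joins live events against it.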

