Threat Detection Bad Trips: Log Everything!

3 min readMar 14

--

Alright, this is a public service for SIEM engineers. How many times you've heard that answer when someone asks 'What should be logged?' and how hard is it today to predict the outcome of over-logging?

Disclaimer: all opinions here are applicable to enterprise, corporate environments only. That's where most of my experience comes from. It doesn't apply to SMBs or military environments, for instance.

Know your recipes

Alex Teixeira

Written by Alex Teixeira

I design and build threat detection models and triage/hunting interfaces for Enterprise #SecOps teams #DetectionEngineering http://opstune.com

More from Alex Teixeira

Alex Teixeira

The dotted lines between Threat Hunting and Detection Engineering

There's no way out, the practices of Detection Engineering and Threat Hunting are becoming utterly important within a Cyber Security…

5 min readFeb 25

--

Alex Teixeira

RATs Race: Detecting remote access tools beyond pattern-based indicators

This is a post to highlight the importance of rich telemetry and how it serves well for strengthening alert signals when coupling static…

11 min readApr 26

--

Alex Teixeira

A Research-Driven process applied to Threat Detection Engineering Inputs

This article is an evolution of a previous one I wrote on Jira Workflows for Detection Engineering teams but more focused on the detection…

4 min readMar 5

--

Alex Teixeira

JIRA workflow for Detection Engineering teams

Threat Detection Engineering practice seems to be evolving. Not only because of easier log management methods and platforms, but because…

4 min readNov 22, 2019

--

See all from Alex Teixeira

Recommended from Medium

Adam Goss

The Holy Bible of Threat Intelligence

Let’s explore the MITRE ATT&CK framework and find out why it’s the number #1 tool for any cyber threat intelligence analyst!

9 min readFeb 20

--

Antivirus vs EDR vs XDR © 2022 leeshanok

Richard de Vries
in
Tales from a Security Professional

Is EDR with Sysmon enough? Or do you need XDR as well?

Although the difference is just one letter, the level of protection is a different story…

3 min readJan 29

--

Lists

Staff Picks

323 stories82 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories104 saves

Productivity 101

20 stories113 saves

StringMeteor
in
Level Up Coding

Understanding Cyber Threats: the Attack Flow Project

A new language toolset for describing adversarial behaviors leveraging thread modeling approaches such as the MITRE ATT&CK taxonomy.

4 min readMar 13

--

The PyCoach
in
Artificial Corner

You’re Using ChatGPT Wrong! Here’s How to Be Ahead of 99% of ChatGPT Users

Master ChatGPT by learning prompt engineering.

7 min readMar 17

--

Muhammad Laraib Khan

Making Security Certification Tier List

It’s difficult to create a definitive “tier list” for security certifications, as the value and importance of a particular certification…

2 min readDec 16, 2022

--

SOCFortress

Wazuh and Snyk (snyk.io) integration to scan Docker image vulnerabilities.

Intro

3 min readMar 27

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech