EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
Cloud Security Podcast by Google
00:00
How to Use Sim to Detect Known Threats
If we wanted to do rules that detect specific known threats, I'd leave it to the vendors that do that better. To the EDR vendors at the end point, to an NTA vendor, to an IDS vendor. If I'm going to write a lot of very specific signature detection rules, I's going to do it somewhere else. So I use sim to look for patterns, repeat attacks, success after failed, anomalous events. A spiking quantity, an activity that nobody else like them does. Those are different. They can be different. But they also can be the same in many minds.
Transcript
Play full episode
