#securityoperations — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityoperations, aggregated by home.social.
-
NCSC Warns of Flawed SOC Metrics
The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize…
https://osintsights.com/ncsc-warns-of-flawed-soc-metrics?utm_source=mastodon&utm_medium=social
#SocMetrics #SecurityOperations #Secops #NationalCyberSecurityCentre #Ncsc
-
What is DCSync Attack and Mimikatz Usage in Active Directory
One of the most critical attacks in Active Directory environments, DCSync, allows attackers to impersonate a Domain Controller and extract password hashes through replication abuse.
#CyberSecurity #ActiveDirectory #DCSync #RedTeam #BlueTeam #InfoSec #Pentesting #SOC #ThreatDetection #WindowsSecurity #EthicalHacking #ITSecurity #NetworkSecurity #SecurityOperations #DenizHalil
https://denizhalil.com/2026/03/27/dcsync-attack-active-directory-guide/
-
https://www.europesays.com/africa/?p=109043 US Military Support for Nigeria is Normal, DHQ Confirms #BokoHaram #CounterTerrorism #DefenceHeadquarters #DHQ #ForeignAid #MilitaryOperations #MilitaryTraining #NationalSecurity #Nigeria #OperationSafeCorridor #SecurityOperations #SecurityPartnership #sovereignty #USMilitary #USMilitarySupport #USNigeriaRelations
-
Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.
Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansion
This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.
How mature is your third-party risk telemetry?
Engage below.
Follow @technadu for high-signal infosec reporting.
Repost to amplify awareness across the security community.
#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC
-
Sector alert: European football club targeted.
Olympique de Marseille confirmed an attempted cyberattack following alleged data leak claims involving:
• ~400,000 supporter records
• 2,050+ Drupal CMS accounts
• E-commerce and membership-related data
No confirmed compromise of banking credentials, investigation ongoing, incident reported to CNIL.
Attack surface observations:
– CMS exposure risk
– High-value fan PII aggregation
– Merchandising platforms as entry vectors
– Sector-wide vulnerability patterns (preceded by FFF breach)
Sports organizations increasingly mirror enterprise-scale digital infrastructures - yet often lack comparable security maturity.
What baseline controls should leagues enforce - MFA mandates, zero trust architecture, CMS hardening standards?
Engage in the comments.
Follow TechNadu for high-signal infosec coverage.
Repost to amplify sector awareness.
#Infosec #DrupalSecurity #DataBreach #SportsSecurity #ThreatIntelligence #CyberRisk #GDPRCompliance #SecurityOperations #DigitalForensics #CyberDefense
-
Incident Overview:
• Accidental disclosure via incorrect link sharing
• Recipient knowingly accessed confidential police documents
• Refusal to delete without compensation
• Arrest under suspected computer trespass provisions
Security Takeaways:
– Operational errors remain a primary breach vector
– Access control workflows must differentiate upload vs. download permissions
– User awareness and response protocols are critical
– Legal frameworks increasingly address post-error exploitation
This case illustrates a subtle but important principle: accidental exposure does not equate to authorized access.
From a governance and control perspective, what technical safeguards would you implement to prevent similar incidents?
Engage below.
Follow @technadu for cybersecurity intelligence and policy analysis.
#Infosec #DataGovernance #AccessControl #CyberLaw #SecurityOperations #IncidentResponse #RiskManagement #PrivacyCompliance #TechNadu
-
🚨 Legitimate RMM Abuse in Crazy Ransomware Intrusions
Huntress investigations reveal:
• Net Monitor for Employees deployed via msiexec
• SimpleHelp persistence via PowerShell
• Disguised binaries (OneDriveSvc.exe, vhost.exe)
• Defender service tampering
• Crypto wallet keyword monitoring
• SSL VPN credential compromise as initial access
The adversary leveraged redundancy across remote access tools to guarantee persistence even if one method was removed.
Key takeaway: Detection must focus on anomalous deployment patterns of legitimate administrative tools - not just malware signatures.
Are you correlating RMM installations with VPN authentication anomalies?
Engage with your defensive insights below.
Follow @technadu for advanced threat intelligence coverage.
#InfoSec #ThreatHunting #Ransomware #MFA #RMM #CyberDefense #SecurityOperations #BlueTeam #ThreatIntel
-
🚨 JokerOTP PhaaS Seller Arrested - Netherlands
A coordinated law enforcement operation has resulted in the arrest of a suspected JokerOTP access seller. The platform enabled automated OTP interception via synchronized login attempts and vishing bots.
Impact:
• $10M in financial damage
• 28,000+ attacks
• 13 countries affected
• High-value targets: PayPal, Coinbase, Amazon, Apple
This incident underscores the operational reality: MFA bypass increasingly exploits the human layer rather than technical vulnerabilities.
Are phishing-resistant authentication methods becoming mandatory rather than optional?
Engage below with your defensive strategy insights.
Follow @technadu for ongoing threat intelligence and global cybercrime updates.
#InfoSec #ThreatIntelligence #PhishingDefense #MFABypass #CyberCrime #SecurityOperations #FraudPrevention #TechNadu
-
Atlassian audit logs aren’t useless. They’re shaped wrong.
Nested JSON and shifting arrays turn simple questions into manual work. Dashboards break. The fix isn’t more parsing in the SIEM. It’s modeling audit data at the edge.
https://graylog.org/post/from-atlassian-json-to-actionable-audit-insights/
#SecurityOperations #SIEM #AuditLogs
-
Security planners supporting the Milano Cortina Winter Games say drones are now treated as a baseline threat category for major international events - alongside cyber incidents, protests, and opportunistic crime.
Officials highlighted the importance of coordination, terrain awareness at outdoor venues, and clear enforcement of no-drone zones, noting that most incidents historically involve unauthorized filming rather than malicious intent.
From a security operations perspective, where should priority be placed as event complexity increases?
Source: https://www.reuters.com/world/us-security-team-flags-drone-threat-milano-cortina-games-2026-01-26/
Join the discussion and follow @technadu for grounded reporting on security and technology.
#EventSecurity #CounterUAS #CyberRisk #SecurityOperations #InfoSec #TechNadu
-
The British Army’s £279M investment in a permanent cyber regiment base signals how cyber defence is being treated as critical operational infrastructure.
With tens of thousands of attempted intrusions reported in recent years, the focus is shifting toward secure facilities, specialist training environments, and long-term capability building - rather than ad-hoc cyber responses.
From an InfoSec standpoint, this raises important questions around resilience, talent development, and sustained defensive readiness.
Follow @technadu for neutral analysis on cyber defence, threat landscapes, and security strategy.
Professional discussion welcome.
#CyberDefense #MilitaryCyber #InfoSec #CyberResilience #SecurityOperations #CyberInfrastructure #ThreatLandscape #DefenseTech
-
ESA is assessing claims of a data exposure involving hundreds of gigabytes of internal and contractor-linked information, following a prior incident disclosed weeks earlier.
Alleged data types include operational procedures, satellite system documentation, and third-party materials - highlighting challenges around:
Long-term identity and access management
Vendor and contractor trust boundaries
Monitoring across complex, distributed environments
This case reinforces the importance of continuous risk assessment and defense-in-depth, especially for organizations supporting critical infrastructure and research missions.
What defensive control would you prioritize in environments like this?
Source: https://www.theregister.com/2026/01/07/european_space_agency_breach_criminal_probe/
Engage in the discussion and follow TechNadu for objective InfoSec reporting.
#InfoSec #CyberDefense #ThirdPartyRisk #CriticalInfrastructure #SecurityOperations #TechNadu
-
Turning plain language into firewall rules https://www.helpnetsecurity.com/2026/01/06/research-natural-language-firewall-configuration/ #securityoperations #cybersecurity #VersaNetworks #Don'tmiss #Features #Hotstuff #firewall #research #strategy #FireMon #howto #News #LLMs #tips
-
OpenAEV: Open-source adversarial exposure validation platform https://www.helpnetsecurity.com/2026/01/05/openaev-open-source-adversarial-exposure-validation-platform/ #securityoperations #endpointsecurity #opensource #Don'tmiss #Hotstuff #Filigran #software #GitHub #News
-
Detailed article discusses competing policy directions for (1) USA to be a leader in drone technology vs (2) the need to prevent drones from being used to inflict major harm in the USA. No paywall.
Pic is an image from the article. As if we did not already have enough to worry about. 😟
#Drone #CounterDrone #Defense #SecurityOperations
-
AI in a SOC shouldn’t be “push button, solve security.” It’s better as a force multiplier: faster triage, cleaner investigations, safer automation, and way less copy/paste misery.
I also get into the guardrails that actually matter (evidence-first summaries, human-in-the-loop, prompt injection, least privilege).
Read it here: https://www.kylereddoch.me/blog/putting-ai-to-work-in-the-soc/
#cybersecurity #SOC #SecurityOperations #AI #IncidentResponse #SIEM #SOAR
-
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teams
The core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
- Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
- ... and GoogleLM. These slides would have taken me forever to make otherwise.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc
#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
-
Trend Micro’s 2026 predictions highlight the shift toward industrialized cybercrime driven by AI automation, autonomous intrusion workflows, and synthetic attack chains. Hybrid cloud, supply chains, and AI ecosystems are expected to face increasing pressure.
How can defenders balance automation with human validation in the coming years?
Follow us for more fact-driven analysis.
#infosec #cybersecurity #AI #automation #cloudsecurity #supplychainsecurity #threatintel #securityoperations #ransomware #technadu
-
New blog post live for my Sentinel Saturday series! :1000: :apartyblobcat:
Read the blog 👉 https://marshsecurity.org/sentinel-saturday-using-tasks-with-automation/
In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.
Most teams aren’t getting the full #value out of Tasks in Microsoft Sentinel. Are you? When you combine Sentinel Tasks with automation, they become a game-changer.
- Auto-create tasks when automation fails (so nothing slips through the cracks)
- Auto-complete tasks when automation succeeds
- Use tasks to verify automation outcomes
- Build engineering feedback loops and automation #QA
Read the blog 👉 https://marshsecurity.org/sentinel-saturday-using-tasks-with-automation/
#MicrosoftSentinel #SentinelAutomation #CyberSecurity #SOCAutomation
#CloudSecurity #AzureSecurity #SIEM #SecOps #Automation #InfoSec
#CyberSecurityCommunity #BlueTeam #ThreatDetection #SecurityEngineering #SecurityOperations
-
We❤️ Bob!
You know Bob—stuck in the #SOC, drowning in data he can't actually use, trying to do his job with tools that seem designed to slow him down rather than help him solve problems.
I've always felt for Bob.
His passion is real, but the system?
Not so much.
Now I have hope for Bob, thanks to Crogl, Inc.
Monzy Merza, CEO at Crogl, Inc., joins Sean Martin, CISSP and me for a conversation that's part philosophy, part rebellion, and part actual product demo—showing how a SOC can work when data never has to move and analysts finally get their time back.
We dig into what happens when you stop forcing everything into the same shape and start letting analysts actually investigate.
AI's role in collaboration. Building trust across the SOC. And Monzy drops this gem: "You don't eat food from a chef who's never eaten food. Why build a company without truly understanding the problem?" 🍳 👨🍳 🔪
This is exactly why Studio C60 / ITSPmagazine exists—to tell stories that matter, challenge assumptions, and maybe give Bob a fighting chance.
Here's to many more conversations like this one with Crogl, Inc.'s Team!
Stop normalizing everything. Start solving something.
📺 Watch the video and demo: https://www.youtube.com/watch?v=7C4zOvF9sdk
🎧 Listen to the audio: https://brand-stories-podcast.simplecast.com/episodes/how-to-make-one-soc-analyst-work-like-ten-stop-normalizing-everythingstart-solving-something-a-crogl-brand-story-conversation-with-ceo-monzy-merza-gUWf0fbo
🌐 Learn more about Crogl: https://itspm.ag/crogl-103909
🔖 More Crogl stories: https://www.itspmagazine.com/directory/crogl
#cybersecurity #ai #soc #securityoperations #technology #innovation #brandstory #podcast #welovebob #infosec #agenticAI #genAI #infoseurity
-
Are you working on building an efficient SOC? We can help! 🙌 It's important to start by developing a strategy—as your #security goals must align with business objectives. 💡 In our latest blog, we outline and detail 7 key steps to follow for SOC success. ⭐ They include:
1️⃣ Developing the strategy
2️⃣ Designing the solution
3️⃣ Developing processes, procedures, & training
4️⃣ Investing in tools & services to fill gaps
5️⃣ Preparing your environment
6️⃣ Implementing the solution
7️⃣ Deploying end-to-end use cases
Read on to learn more about these 7 key steps along with roles and responsibilities of SOC team members, and more.
https://graylog.org/post/7-steps-to-an-efficient-security-operations-center-design/ #CyberSecurity #SIEM #TDIR #APISecurity #SecurityOperations
-
With SIEMs, ingest-based and resource-heavy licensing models pressure #security teams into tough tradeoffs—like dropping logs, tuning down detections, or limiting retention just to avoid budget overages. 💸
But, tradeoffs like these affect compliance, visibility, detection capabilities, and response time. 😱 Seriously... when you drop data, you drop context! 👎 And, missing context can turn a minor oversight into a major blind spot. 🙈
Watch this enlightening discussion and learn how flexible data routing can allow your team to prioritize the data that powers threat detection, while retaining the rest cost-effectively in a standby data lake. 💡
https://www.youtube.com/watch?v=c7he-teNdO8 #SIEM #SecurityOperations #LogManagement #CyberSecurity #Graylog #TDIR #LogsandLattes
-
🕵️♂️ KQL is both a science and an art.
If you’ve ever felt your Sentinel queries were running slow or costing more than they should, you’re not alone.
This week’s #SentinelSaturdays covers how to write leaner, faster, more efficient KQL queries with practical examples you can use today. 🔗 Read the full walkthrough here: https://marshsecurity.org/sentinel-skills-saturday-edition-one/
Share your comments 👇
What’s YOUR top KQL tip or favourite optimisation trick? Let’s build a thread of practical advice for the hunting community.
#MicrosoftSentinel #KQL #ThreatHunting #SecurityOperations
-
Grab a cuppa joe and cozy up to your computer for Episode 2 of Logs & Lattes! 🪵 ☕ This week, host Palmer Wallace is talking with Rich Murphy about how you can go from noise to action — and get smarter security ops that reduce risk. ⬇️ ⚠️
From alert fatigue to risk-first response, let's unpack practical ways you can:
✔️ Prioritize real threats
✔️ Automate with context
✔️ Make incident response faster & more effective
✔️ Make SOAR useful for lean teams
In this episode, we discuss how to respond to #security alerts with purpose, not just speed. Ready? Let's dive in.
📺 👉 https://youtu.be/a40J3rSs_PI #SIEM #SecurityOperations #LogManagement #CyberSecurity #Graylog #TDIR #LogsandLattes
-
Drum roll please! 🥁🥁🥁 Today we are excited to introduce the new Logs & Lattes podcast. 💥🎙️ In this inaugural episode, Seth Goldhammer joins host Palmer Wallace to talk about the hidden cost of traditional #SIEM pricing. ⛔ 💵 🤔
How much value are we really getting from our logs, and what are we giving up to stay on budget? Let's talk about how ingest-based and resource-heavy licensing models pressure #security teams into tough tradeoffs—like dropping logs, tuning down detections, or limiting retention just to avoid budget overages. 😓
But, there’s a smarter way forward. 😍 Learn how to escape this tradeoff trap and get the most out of your security data. Watch now! 📺 👇
https://youtu.be/c7he-teNdO8 #SecurityOperations #LogManagement #CyberSecurity #Graylog #TDIR #LogsandLattes