Building a SOC with Azure Sentinel: Detection Engineering & SOAR Automation
Introduction

The main goal of this project is to gain a deeper understanding of the Tactics, Techniques, and Procedures (TTPs) that threat actors use to compromise their targets. Additionally, this project aims to develop and deploy detection rules that alert in our Security Information and Event Management (SIEM) system, increasing visibility across our network and reducing response time to potential security incidents.

What is a SIEM?

A SIEM is a centralized system that ingests logs from every source on which a collection agent is installed, so that events from across the environment can be searched and alerted on in one place.