
The latest News and Information on Security Incident and Event Management.

How Exabeam Detects LLM Abuse for Google Cloud Model Armor

In this demo, see how the Exabeam New-Scale Security Operations Platform integrates with Google Cloud Model Armor to detect and stop abuse of large language models (LLMs). You’ll learn how Exabeam:

- Monitors AI activity for suspicious or malicious behavior
- Uses advanced analytics to spot LLM misuse in real time
- Helps security teams enforce responsible AI use policies

Watch how Exabeam and Google Cloud work together to provide stronger visibility, detection, and protection against emerging threats targeting LLMs.

How Graylog Helps You Spot LockBit-Style Attacks Sooner

The DFIR Report recently detailed a LockBit ransomware intrusion that succeeded without advanced exploits or zero-day vulnerabilities. The attack relied on a stolen AnyDesk installer, credential reuse, and renamed PowerShell scripts that blended into routine activity. These moves were not sophisticated, but they were fast and effective. The end result: complete domain encryption.

From endpoint to XDR: Operationalize Jamf Protect data in Elastic Security

Enhance your threat detection, investigation, and response capabilities by integrating Jamf Protect macOS data within Elastic Security. Security teams often struggle to detect and respond to macOS threats with endpoint data alone. The integration with Jamf Protect changes that. Jamf Protect delivers rich macOS telemetry and built-in protections like Threat Prevention and Network Protection, powered by Jamf Threat Labs.

Case Management with Falcon Next-Gen SIEM

Speed and structure are essential for modern incident response. Falcon Next-Gen SIEM introduces built-in Case Management, giving security teams a unified workspace to organize detections, artifacts, and related activity. Analysts can standardize investigations with templates, enforce SLAs, and escalate cases automatically to the right teams.

Smart Logging Without the Price Trap

How much value are you really getting from your logs, and what are you giving up to stay on budget? In this episode of Logs and Lattes, host Palmer Wallace sits down with Seth Goldhammer, VP of Product Management at Graylog, for a candid conversation about the hidden cost of traditional SIEM pricing. Seth explains how ingest-based and resource-heavy licensing models pressure security teams into tough tradeoffs, such as dropping logs, tuning down detections, or limiting retention just to avoid budget overages.

Ten modern SIEM use cases at cloud scale

The role of SIEM has never gone away. From the beginning, it’s been the backbone of security operations: the system where logs converge, alerts are analyzed, and incidents are investigated. What’s changed is our ability to use it correctly. Legacy SIEM tools forced trade-offs. Teams filtered data at ingest, dropped logs to control costs, or siloed analytics into disconnected point tools. The result was a SIEM that felt heavy, reactive, and underwhelming.

Elastic Security Explained: Transparency, AI, and the Future of Threat Hunting

Elastic’s James Spiteri joins John Hammond to dive deep into the evolution of Elastic Security, from the ELK stack’s early days to today’s full-fledged, unified SIEM, XDR, and cloud security solution powered by agentic AI and automation. They discuss free tools, open detections, and how Elastic is making cybersecurity more accessible and collaborative for everyone.

Security Pipelines Are Broken. Here's How to Fix Them

There’s a quiet failure at the heart of many security programs. It’s not a lack of data. It’s too much of the wrong data. Telemetry pipelines built for volume, not visibility, now flood teams with noise instead of insight. The result? More alerts. Slower response. Overworked analysts are stuck maintaining ingestion rules instead of catching real threats.