
The latest News and Information on Security Incident and Event Management.

AI, out-of-the-box!

Elastic's GenAI capabilities are now available by default in Elastic Cloud

Elastic AI features in Elastic Security, Observability, and Search are now enabled by default in Elastic Cloud. Getting started with generative AI (GenAI) shouldn't be a project in itself. Too often teams encounter organizational friction that slows adoption of AI-based features, from third-party contracts and external API keys, to additional terms of service and billing management.

How AI Can Reduce Alert Fatigue in Your SOC

Alert fatigue is a common phenomenon in Security Operations Centers (SOCs). It's the digital equivalent of crying wolf. As SOCs are flooded with a relentless stream of alerts, many of them low priority or false positives, it becomes increasingly difficult to identify the truly critical threats. Analysts spend countless hours verifying, contextualizing, analyzing, and acting on that stream, often at the cost of missing the alerts that matter.

Reclaiming analyst time: Smarter investigations with AI in defence

How the MOD can reduce investigation fatigue and boost operational efficiency

Security analysts at the UK Ministry of Defence (MOD), and everywhere else, face an overwhelming challenge: they can receive thousands of alerts daily, and distinguishing genuine threats from false positives in a timely fashion has become nearly impossible without technological intervention.

Vulnerability Data in Next-Gen SIEM with Falcon Exposure Management

Vulnerability data is often siloed and captured in static dashboards, disconnected from real-time investigation. But with Falcon Exposure Management streaming into NG-SIEM, that changes. This demo shows how teams can correlate live vulnerability events with endpoint behavior, network activity, and even cloud telemetry. Using a Firefox example, we trace active and historical exposure, revealing how ExPRT.AI, asset metadata, and cloud-aware context come together in Next Gen SIEM.

4 Steps to Cyber Resilience | Expert Insights from LevelBlue | Dark Reading Interview

In this exclusive Dark Reading News Desk interview, Theresa Lanowitz from LevelBlue shares four practical and powerful steps organizations can take to boost their cyber resilience. From fostering a proactive cybersecurity culture to elevating cyber discussions to the boardroom, this conversation is packed with actionable insights. Learn how to secure your software supply chain, leverage AI for defense, and stay ahead of emerging threats.

SIEM Essentials for Security Operations

For many Security Operations Center (SOC) teams, every day feels like a balancing act just shy of burnout. The alerts don’t stop. The tooling gets in the way more than it helps. And analysts—the people at the heart of security operations—are left trying to untangle signals in a sea of noise, pressure, and constant escalation. This isn’t just a tooling issue. It’s a deeper misalignment: the gap between what SIEM was supposed to be and what security teams actually need.

Making the Most of Rule-Based Intrusion Detections

Think back to being in high school and wanting to leave the room during class. Your teacher would give you a hall pass to show anyone monitoring the halls that you had permission to walk around. Your behavior, walking around during the class period, was suspect unless you followed the rule, getting a hall pass. For security teams, rule-based intrusion detections are the hall monitors that look for behaviors that indicate a problem.
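The hall-pass analogy maps directly onto how a rule-based detection is built: a rule describes the suspect behaviour, and a narrowly scoped exception (the hall pass) excuses the cases that are legitimately allowed. The following is an added example, not code from the article or from any product it mentions. It runs three constructed rules over constructed endpoint process events; the rule names, the `svc_deploy` account and the deployment-agent path are assumptions made for the illustration.

```python
"""Rule-based intrusion detection with scoped exceptions ("hall passes").

Added example for the hall-pass analogy. All events, rule names, the
svc_deploy account and the deployment-agent path are constructed for
illustration and are not taken from any product or real environment.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    process: str   # full image path of the process that started
    parent: str    # full image path of the parent process
    cmdline: str


Predicate = Callable[[Event], bool]


@dataclass
class Rule:
    name: str
    match: Predicate
    # Hall passes: exceptions that excuse an event the rule would otherwise flag.
    exceptions: List[Predicate] = field(default_factory=list)

    def evaluate(self, ev: Event) -> Optional[str]:
        """Return an alert string, or None if the rule does not fire."""
        if not self.match(ev):
            return None
        if any(exc(ev) for exc in self.exceptions):
            return None
        return f"{self.name} host={ev.host} user={ev.user} process={ev.process}"


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

RULES = [
    # Office application spawning a shell: no legitimate hall pass here.
    Rule("office_spawns_shell",
         lambda e: basename(e.parent) in OFFICE and basename(e.process) in SHELLS),
    # Execution from the user temp directory, excused only for the deployment
    # agent (assumed path) running under its own service account. The pass is
    # scoped to user AND parent path, so a file that merely shares the package
    # name, or the same binary launched by a person, does not inherit it.
    Rule("exec_from_user_temp",
         lambda e: "/appdata/local/temp/" in e.process.replace("\\", "/").lower(),
         exceptions=[
             lambda e: e.user == "svc_deploy"
             and basename(e.parent) == "agent.exe"
             and e.parent.replace("\\", "/").lower().startswith("c:/program files/deploy/"),
         ]),
    # Encoded PowerShell command line (-e, -ec, -enc, -EncodedCommand).
    Rule("encoded_powershell",
         lambda e: basename(e.process) == "powershell.exe"
         and re.search(r"(?i)(^|\s)-e(c|n|nc|ncodedcommand)?(\s|$)", e.cmdline) is not None),
]


def run_rules(events: List[Event], rules: List[Rule] = RULES) -> List[str]:
    """Evaluate every rule against every event; return the alerts raised."""
    return [a for ev in events for r in rules if (a := r.evaluate(ev)) is not None]


SAMPLE_EVENTS = [  # constructed sample telemetry
    Event("ws01", "alice", r"C:\Windows\System32\cmd.exe",
          r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          'cmd.exe /c "whoami"'),
    Event("ws02", "bob", r"C:\Users\bob\AppData\Local\Temp\update.exe",
          r"C:\Windows\explorer.exe", "update.exe"),
    # Deployment agent staging a package: matches the temp-dir rule, has a hall pass.
    Event("ws03", "svc_deploy", r"C:\Users\svc_deploy\AppData\Local\Temp\pkg.exe",
          r"C:\Program Files\Deploy\agent.exe", "pkg.exe /quiet"),
    Event("ws04", "mallory", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          r"C:\Windows\explorer.exe",
          "powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    Event("ws05", "carol", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
          r"C:\Windows\explorer.exe", "outlook.exe"),
    # Same package name as ws03, but a user launched it from a console: no pass.
    Event("ws06", "dave", r"C:\Users\dave\AppData\Local\Temp\pkg.exe",
          r"C:\Windows\System32\cmd.exe", "pkg.exe /quiet"),
]

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(alert)
```

Four of the six events alert (ws01, ws02, ws04 and ws06); ws03 is excused by the hall pass and ws05 matches nothing. The point of scoping the exception to user and parent path rather than to the file name alone is that an attacker who learns the allowlisted name gains nothing from copying it, which is the usual way an over-broad hall pass turns into a blind spot.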