
The latest News and Information on Security Incident and Event Management.

Elastic Security simplifies customization of prebuilt SIEM detection rules

Customizing and updating prebuilt SIEM detection rules just got easier with Elastic Security, improving precision, enabling broader coverage, and saving time. We’ve streamlined detection engineering workflows and enabled greater use case coverage with out-of-the-box SIEM detection rules.

CMMC Compliance Automation in the SIEM

In this video, I walk you through the essentials of UTMStack compliance automation, specifically focusing on CMMC compliance. I explain how to navigate the compliance menu and ensure the correct framework is selected. I also highlight the automatic evaluation of controls and the options available for exporting reports. Please make sure to review the controls and provide any necessary evidence if the system indicates non-compliance.

Managing False Positives and Alert Fatigue in SIEM

In this video, I walk you through the process of managing false positives in the UTMStack platform. We often encounter numerous false positives when starting with a new SIEM, which can lead to confusion and unnecessary alerts. I demonstrate how to tag these false positives effectively and filter them out to streamline our alert system. Please make sure to implement the tagging rules I discussed to help reduce noise in your SOC team's workflow.

Creating Custom Dashboards in UTMStack

In this video, I walk you through the process of creating custom dashboards and visualizations in UTMStack SIEM. I demonstrate how to build various types of visualizations, such as pie charts and bar charts, to effectively display alert data. I also highlight the importance of adding filters for better data management and how to set up auto-refresh for real-time monitoring. Please make sure to follow along and try creating your own dashboards as we go through the steps together!

Strategies for accelerating a successful log migration

Log management becomes more challenging as both log volume and diversity rapidly grow. Yet many companies still rely on legacy log management and SIEM solutions that aren’t designed to cost-effectively or securely handle the large scale of logs today coming from sources both in the cloud and on premises.

From endpoint to XDR: Operationalize Microsoft Defender for Endpoint data in Elastic Security

Enhance your threat detection, investigation, and response by integrating Microsoft Defender for Endpoint data with Elastic Security. Many security teams find it difficult to detect and respond to threats because of fragmented visibility and isolated endpoint data. This challenge led to the development of extended detection and response (XDR), which integrates endpoint insights with contextualized data from networks, cloud environments, and identity systems.

Adversary Tradecraft: Apache Tomcat RCE

CVE-2025-24813 is a critical vulnerability (CVSS base score of 9.8) affecting Apache Tomcat, a widely used open-source web server and servlet container. This issue affects Apache Tomcat: In this blog, we’ll simulate an attack and look at the activity within Graylog. Throughout the analysis, and at the conclusion of the post, we’ll provide practical threat-hunting and detection strategies you can implement in your own environments.

What is IoT Security?

Security measures aren’t keeping pace with the rate at which new technology is going to market. One of the fastest-growing segments of technology, the Internet of Things (IoT) — which includes webcams, smart thermostats, wearable health trackers, and other smart objects — is capturing the industry’s attention and growing rapidly. By 2030, the number of connected IoT devices is expected to grow to 40 billion.