Log Analysis Tutorial Detailed Demo in QRadar, 9 Tips to Reduce False Positives in SIEM, Day 9
Log Analysis Tutorial and my 9 Tips to Reduce False Positives in SIEM. Continuing our Incident Response Training, today is Day 9: we will discuss the top 9 tips by which you can reduce false positive alerts in SIEM, and we will also discuss how to perform log analysis in SIEM with a real-life case study.
Handling false positives is a real frustration for everyone working in a SOC, and because of them we tend to miss real true positive alerts, so it is absolutely necessary to use the best possible tricks from the very beginning to reduce them. So in Day 9 of the Incident Response Free Training Session, I will address them and also show you, from the 101 level, how you can leverage different sets of logs to identify the trail of an incident that took place at a financial organisation, where we will try to find out:
How many log sources are available?
What is the domain name used in the network?
What is the attacker's IP address?
What is the IP address of the first infected machine?
What is the username of the infected employee using the infected machine?
What files got created on the infected machine, if any?
What is the malicious file created, if any?
What is the hash of the malicious file, if any?
What is the name of the new account added by the attacker, if any?
Did the attacker perform any lateral movement?
Did the attacker do any data exfiltration? If so, what was exfiltrated?
Etc.
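The checklist above maps onto a handful of queries. As an added example that is not from the video or its QRadar case study, here is a Python triage script that answers each question over a constructed set of normalised events (the hosts, users, IPs, file paths and hash are made up; the `HOST_IP` inventory, the internal address ranges and the exfiltration byte threshold are assumptions). Each function is one question, so the same logic can be ported to a QRadar AQL search or a rule.

```python
# Added example (not from the video or its QRadar case study): a small triage
# script that answers the checklist above over normalised events.  Every record
# below is constructed for illustration; the hosts, users, IPs and hash are made
# up, and the event IDs follow Windows Security (4624 logon, 4720 user created)
# and Sysmon (1 process create, 11 file create) conventions.
from collections import Counter
from ipaddress import ip_address, ip_network

# Internal ranges of the (fictional) organisation; anything else is external. Assumption.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Asset inventory lookup (constructed): which IP belongs to which host.
HOST_IP = {"WS-FIN-07": "10.10.1.20", "SRV-FILE-01": "10.10.2.5"}

# Constructed, already-normalised events in the shape a SIEM gives you after parsing.
EVENTS = [
    {"ts": "09:00:01", "source": "Firewall", "event": "allow", "host": "FW-EDGE",
     "src_ip": "203.0.113.45", "dst_ip": "10.10.1.20", "bytes_out": 0},
    {"ts": "09:00:05", "source": "WinSecurity", "event": 4624, "host": "WS-FIN-07", "domain": "CORP",
     "user": "jdoe", "src_ip": "203.0.113.45", "logon_type": 10},
    {"ts": "09:02:10", "source": "Sysmon", "event": 11, "host": "WS-FIN-07", "domain": "CORP",
     "user": "jdoe", "file": r"C:\Users\jdoe\AppData\Local\Temp\update.exe"},
    {"ts": "09:02:11", "source": "Sysmon", "event": 11, "host": "WS-FIN-07", "domain": "CORP",
     "user": "jdoe", "file": r"C:\Users\jdoe\AppData\Local\Temp\readme.txt"},
    {"ts": "09:02:30", "source": "Sysmon", "event": 1, "host": "WS-FIN-07", "domain": "CORP",
     "user": "jdoe", "image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "hashes": "MD5=00000000000000000000000000000000,SHA256=" + "ab" * 32},
    {"ts": "09:05:00", "source": "WinSecurity", "event": 4720, "host": "WS-FIN-07", "domain": "CORP",
     "user": "jdoe", "target_user": "svc_backup2"},
    {"ts": "09:10:00", "source": "WinSecurity", "event": 4624, "host": "SRV-FILE-01", "domain": "CORP",
     "user": "svc_backup2", "src_ip": "10.10.1.20", "logon_type": 3},
    {"ts": "09:30:00", "source": "Proxy", "event": "connect", "host": "WS-FIN-07",
     "src_ip": "10.10.1.20", "dst_ip": "203.0.113.45", "bytes_out": 734_003_200},
]

def is_external(ip):
    return not any(ip_address(ip) in net for net in INTERNAL)

def log_sources(events):
    """Q1: distinct log sources feeding the SIEM."""
    return sorted({e["source"] for e in events})

def domain_name(events):
    """Q2: the Windows domain that identity fields name most often."""
    return Counter(e["domain"] for e in events if e.get("domain")).most_common(1)[0][0]

def attacker_ip(events):
    """Q3: first external address that achieved a successful logon (4624)."""
    for e in events:
        ip = e.get("src_ip")
        if e.get("event") == 4624 and ip and is_external(ip):
            return ip
    return None

def patient_zero(events):
    """Q4/Q5: host and user of the first logon from the attacker IP."""
    bad = attacker_ip(events)
    for e in events:
        if e.get("event") == 4624 and e.get("src_ip") == bad:
            return e["host"], e["user"]
    return None

def files_created(events, host):
    """Q6: Sysmon FileCreate (event 11) paths written on the host, in order."""
    return [e["file"] for e in events if e.get("event") == 11 and e["host"] == host]

def executed_files(events, host):
    """Q7/Q8: created files that were later run, with the SHA256 Sysmon event 1 recorded."""
    created = set(files_created(events, host))
    found = {}
    for e in events:
        if e.get("event") == 1 and e["host"] == host and e["image"] in created:
            hashes = dict(part.split("=", 1) for part in e["hashes"].split(","))
            found[e["image"]] = hashes.get("SHA256")
    return found

def new_accounts(events):
    """Q9: accounts created (4720) as (new account, creator, host)."""
    return [(e["target_user"], e["user"], e["host"]) for e in events if e.get("event") == 4720]

def lateral_movement(events, host):
    """Q10: network (3) or RDP (10) logons to OTHER hosts that originate from the infected host."""
    src = HOST_IP[host]
    return [(e["host"], e["user"], e["logon_type"]) for e in events
            if e.get("event") == 4624 and e.get("src_ip") == src
            and e["host"] != host and e.get("logon_type") in (3, 10)]

def exfiltration(events, host, threshold=100 * 1024 * 1024):
    """Q11: outbound transfers from the infected host to the attacker IP above a byte threshold."""
    bad = attacker_ip(events)
    return [(e["dst_ip"], e["bytes_out"]) for e in events
            if e.get("host") == host and e.get("dst_ip") == bad and e.get("bytes_out", 0) > threshold]

if __name__ == "__main__":
    host, user = patient_zero(EVENTS)
    report = {"log sources": log_sources(EVENTS), "domain": domain_name(EVENTS),
              "attacker IP": attacker_ip(EVENTS), "first infected host/user": (host, user),
              "files created": files_created(EVENTS, host), "executed + SHA256": executed_files(EVENTS, host),
              "new accounts": new_accounts(EVENTS), "lateral movement": lateral_movement(EVENTS, host),
              "exfiltration": exfiltration(EVENTS, host)}
    for question, answer in report.items():
        print(f"{question}: {answer}")
```

Two caveats tie this back to the false-positive theme: the "attacker IP" heuristic (first external address with a successful logon) only works once `INTERNAL` also lists your VPN and cloud egress ranges, otherwise every remote worker is flagged; and the exfiltration threshold should be tuned per host role, since a backup server legitimately pushes far more than 100 MB outbound.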
This episode is a longer one, but I request you to watch it in full if you want to master the art of SIEM log analysis and don't want to waste your energy chasing false positives!
There is a huge amount of information and training available on the internet that talks about the same thing, and at times you become overwhelmed and can't decide what the right choice is if you want to start your career in a Security Operations Centre and want a role in Incident Response. So I have developed this full series to stay focused on the basic areas someone must be aware of to kick off their SOC journey! Hence I recommend you visit the full list one by one to get a solid idea of SOC beginner-level skills and requirements.
-------------------------------------------------------------------------------------------------------------------------
Check out the Incident Response Full Training Course: https://bit.ly/2OKQaFP
WATCH BELOW AS WELL, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course: https://youtube.com/playlist?list=PLjWEV7pmvSa4yvhzNsCjOJovOn1LLyBXB
DFIR Free Tools and Techniques: https://youtube.com/playlist?list=PLjWEV7pmvSa6f-NTpXsaUYWZLjLAB_0TS
Windows and Memory Forensics: https://youtube.com/playlist?list=PLjWEV7pmvSa50erciZUSnzvE7nK0FyvsH
Malware Analysis: https://youtube.com/playlist?list=PLjWEV7pmvSa6u32RongesgDtkfKBfrFWW
⌚ Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Intro
2:06 ⏩ 9 Tips for FP Reduction
13:28 ⏩ Case Study Details & Coffee Break
13:40 ⏩ SIEM log Analysis Practical
39:28 ⏩ End of Case Study & Wrap Up
FOLLOW ME EVERYWHERE
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn: https://www.linkedin.com/company/blackperl
✔ You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Insta: blackperl_dfir https://www.instagram.com/blackperl_dfir/
✔ Can be reached via blackperl_dfir@yahoo.com / archan.fiem.it@gmail.com
SUPPORT BLACKPERL
-------------------------------------------------------------------------------------------------------------------------
╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
➡️ SUBSCRIBE, Share, Like, Comment
☕ Buy me a Coffee: https://www.buymeacoffee.com/BlackPerl
Sponsorship Inquiries: archan.fiem.it@gmail.com
-------------------------------------------------------------------------------------------------------------------------
Thanks for watching!! Be CyberAware!!
Video: Log Analysis Tutorial Detailed Demo in QRadar, 9 Tips to Reduce False Positives in SIEM, Day 9, uploaded by Эксель для Дома и Работы
Information
Date: 5 December 2023, 18:01:31
Duration: 00:41:01