05-24-2023 07:43 AM
What correlation rules and BIOCs created manually do you suggest?
05-24-2023 08:08 AM
For BIOC and correlation rules first I would recommend to start looking at threats you've seen in the past that weren't properly blocked or reported according to your organization's SOPs. Once that job has been handled sufficiently and your SOC team has matured I recommend looking outside of your organization and looking and new TTPs and threats that are being seen in the wild and build IOCs and correlations rules to match that activity.
I understand this may not be the information you're looking for, but no one outside of your organization is going to be able to tell you exactly what you need to be looking for. Different threats are more prevalent in certain industries/verticals than others. Also, everyone's team is at a different level of maturity.'
I hope this information helps.
05-25-2023 05:40 AM
Thank you for your reply.
Sorry if I was not clear.
We are already doing that and that information we don't need.
I totally agree when you say, "no one outside of your organization is going to be able to tell you exactly what you need to be looking for"
I was looking for something more generic.
Let me know if you or someone could suggest some generic XQL or BIOC rules that could help us leverage our defenses.
Sharing that kind of information will for sure help all community, I believe 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!