Sigma Rules to Live Your Best SOC Life
Feb 02, 2021
Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security Operations is "3 SOC engineers walked into a bar…" That the joke. No SOC engineers have time to do that. They get it. They laugh. So why is this all true? Let us explore that a little bit. Demand for experienced SOC engineers far surpasses the available talent. Event volume levels boggle the imagination compared to even just a few years ago. Utilization of tools to their utmost capability has often not been a priority. In the Security Operations space, we have been using SIEM's for many years with varying degrees of deployments, customization, and effectiveness. For the most part, they have been a helpful tool for Security Operations. But they can be better. Like any tool, t
