RAG, ICL, and Windows Events: Building a Human-Guided Security Analyst: https://jonny-johnson.medium.com/rag-icl-and-windows-events-building-a-human-guided-security-analyst-395faa6769a4
AI is becoming central to security operations. Let's talk about why.
AI-assisted workflows are on the rise. And when an algorithm highlights a critical #security event, analysts need to understand why that happened. Without true visibility, this #AI assistance risks creating new blind spots and hiding important context, rather than leading to a solution.
To make sense of the constant overflow of alerts, you need AI capabilities that are built into workflows that you already use, like:
- Behavioral detection
- Risk-based prioritization
- Investigation summaries
- Smarter dashboards and search
Learn how you can leverage these important AI capabilities and stay in control while using tools that accelerate detection, streamline investigations, and strengthen your reporting: https://graylog.org/post/how-graylog-uses-explainable-ai-to-help-security-teams/ #cybersecurity #securityops #security #securityanalyst
Hey IT pros, security analysts, and sys admins! Have you taken advantage of #graylog's FREE analyst training yet? The Graylog Academy is here for you. It's designed from the ground up by internal Grayloggers and experts, and anyone can sign up for it.
This comprehensive on-demand training program covers a wide range of topics, ensuring participants gain a deep understanding of the platform and its capabilities. And for every test you pass you get a Graylog certificate!
Learn about:
- Search fundamentals
- Graylog dashboards
- Log ingestion
- Pipelines, parsing and the Graylog information model
- Dashboards and visualization
- Intro to API security
- More!
Enroll here:
https://graylog.org/post/graylog-academy-free-training-available/
#ITPro #SysAdmin #securityanalyst #cybersecurity #security
Did you know that there is FREE online #Graylog analyst training? Take a look at Graylog Academy! It is designed from the ground up by internal Grayloggers and experts, and anyone can sign up for Graylog Academy Training.
Here's some of what you can learn about:
- Search Fundamentals
- Introduction to Graylog Dashboards
- Log Ingestion
- Pipelines, Parsing and Graylog Information Model
- Dashboards and Visualization
- Events, Alerts and Notifications
- Intro to API Security
- Interactive Tours
Wondering if Graylog Academy is right for you? This training is ideal for:
- IT pros
- #Security analysts
- System administrators
- Anyone interested in learning about log management & analysis
Enroll here:
https://graylog.org/post/graylog-academy-free-training-available/ #ITpro #sysadmin #securityanalyst #cybersecurity
Over the past few years, #security analysts have worked together to combat threat actors by sharing information and strategies, including the use of open source Sigma rules.
Leveraging the capabilities of Sigma rules can help you optimize your centralized log management solution for security detection and response!
Learn more about Sigma rules including:
- Why you should use them
- Specific use cases
- The anatomy of a Sigma rule
- Sigma rule event processing for advanced detection capabilities
https://graylog.org/post/the-ultimate-guide-to-sigma-rules/ #threatactors #cybersecurity #securityanalyst
Have you checked out #Graylog Academy? We've got dashboards, pipelines & parsing, OH MY! So, if you're an #ITpro, #securityanalyst, #sysadmin or interested in learning about log management+analysis, then this is for you. IT'S FREE. Enroll now.
graylog.org/post/graylog... #cybersecurity #infosec
Attn: Security Analysts... let's talk about what your Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) tools do, and how you can incorporate them into your network monitoring technology stack to improve network #security.
In our latest blog, Jeff Darrington talks about the differences between IDS and IPS, risk-based event triage for reducing alert fatigue, and much more.
https://graylog.org/post/do-you-need-ids-and-ips/ #cybersecurity #infosec #networksecurity #securityanalyst #alertfatigue
Compared to "regular" #ComputerScience, I kind of suspect that #CyberSecurity is one of the harder things to do.
I'd like to become a #securityanalyst, but learning low level languages, assembly included, as well as knowing all the ways to test, poke and prod #software, #hardware, #protocols, #api, all while trying to find vulnerabilities through the eye of a needle...
It just gets harder with every year and you'll have to know what the heck you're doing...
But it's well paid, I hear.
Job Alert
Security Analyst at Wipro - Bengaluru
Experience - 0-1 year
Mode - On-site, Full-Time
Job Alert
Security Analyst at Unisys - Bengaluru
Experience - 3-5 years
Mode - On-site, Full-Time
We're thrilled to announce our triumph at the Globee Awards®!
These awards highlight #Graylog's commitment to delivering a #security analyst experience that is not only top-notch but also remarkably user-friendly.
- Gold Globee Winner for Security Information and Event Management (#SIEM)
- Gold Globee Winner for Threat Hunting, Detection, Intelligence, and Response
- Silver Globee Winner for Application Programming Interface Management & Security
- Bronze Globee Winner for Most Innovative Security Company of the Year: Security Software
We are honored to be acknowledged with these Globee Awards for our pioneering approach and exceptional capabilities. Learn more:
https://graylog.org/award/graylog-clinches-prestigious-globee-awards-in-cybersecurity-reinforcing-its-leadership-in-the-industry/ #securityanalyst #cybersecurity #APIsecurity
What is Microsoft Security Copilot?
"It is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining compliant to responsible AI principles."
The primary focus of the Early Access Program is centered around:
- Incident response
- Security posture management
- Security reporting
"Here's an explanation of how Microsoft Security Copilot works:
- User prompts from security products are sent to Security Copilot.
- Security Copilot then pre-processes the input prompt through an approach called grounding, which improves the specificity of the prompt, to help you get answers that are relevant and actionable to your prompt. Security Copilot accesses plugins for pre-processing, then sends the modified prompt to the language model.
- Security Copilot takes the response from the language model and post-processes it. This post-processing includes accessing plugins to gain contextualized information.
- Security Copilot returns the response, where the user can review and assess the response."
https://learn.microsoft.com/en-us/security-copilot/microsoft-security-copilot
#microsoft #microsoftsecurity #securitycopilot #copilot #soc #incidentresponse #soc #analyst #securityanalyst #ai #artificialinteligence #generativeai #openai #azureopenai #llm #cybersecurity #defender #xdr #sentinel #intune #prompt #largelanguagemodel #llm #foundationalmodel #gpt4 #gpt3
Unlocking the Power of Cyber Threat Intelligence with Azure OpenAI and Microsoft Defender Threat Intelligence
I'm excited to share my recent side project!
I've been exploring the incredible potential of a simple web app for engaging in conversations with threat intelligence data. In my case, I harnessed the power of Microsoft Defender Threat Intelligence.
All the details are in the following blog post:
I'd love to hear your thoughts and feedback.
This project has been an eye-opener for me, demonstrating how Generative AI can be a game-changer in the realm of cybersecurity. I hope it serves as a valuable starting point for other innovative applications in the cybersecurity space.
Let's connect and discuss how technology can empower us in the ever-evolving world of cybersecurity.
#azure #azureopenai #llm #chatbot #threatintelligence #ti #microsoft #microsoftdefenderthreatintelligence #mdti #cyber #cybersecurity #soc #threatactors #threatanalysis #ttp #ioc #securityanalyst #microsoftsecurity #largelanguagemodel #gpt4 #azurelogicapps #logicapps #cognitiveservices #dev #chat
Hey! I'm looking to add another member to my growing security operations team! If you are looking to help grow security operation processes and work to find evil with an awesome team and a great business, take a look!
Imagine this. You're a #SecurityAnalyst protecting the Black Hat network when suddenly you notice Autoit.F, a trojan you've never seen before. What do you do next? In a new blog, Ben Reardon explains how he was able to detect, investigate, triage, and close this exact incident using @corelight's Open NDR Platform while serving in the NOC at #BlackHat. https://corelight.com/blog/blackhat-noc-usa-2023
Integrating Microsoft 365 Defender into your security operations
The deployment and implementation of the Microsoft 365 Defender platform will need careful planning with the SOC team to optimize the day-to-day operations and lifecycle management of the Microsoft 365 Defender service itself.
This content explores several concepts on how to operationalize and integrate Microsoft 365 Defender with either new or existing people, processes, and technologies that form the basis for modern security operations.
Use these steps to integrate Microsoft 365 Defender into your SOC.
1. Plan for Microsoft 365 Defender operations readiness
2. Perform a SOC integration readiness assessment using the Zero Trust Framework
3. Plan for Microsoft 365 Defender integration with your SOC catalog of services
4. Define Microsoft 365 Defender roles, responsibilities, and oversight
5. Develop and test use cases
6. Identify SOC maintenance tasks
#m365defender #defender #microsoft #xdr #soc #zerotrust #azure #cloud #cloudsecurity #securityanalyst #mdo #mde #mdi #entraid #mdca
OSINT Toolkit is a full-stack web application designed to assist security analysts in their work: https://github.com/dev-lu/osint_toolkit
From zero to hero security coverage with Microsoft Sentinel for your critical SAP security signals.
"How the SOAR capabilities of Sentinel can be utilized in conjunction with SAP by leveraging Microsoft Sentinel Playbooks/Azure Logic Apps to automate remedial actions in SAP systems or SAP Business Technology Platform (BTP)"
#microsoft #azure #business #security #technology #sap #soar #sentinel #microsoftsentinel #siem #cloudnative #cloudsecurity #BusinessTechnologyPlatform #btp #erp #soc #detection #securityanalyst #playbook
My Security team at #Plexure, in #Auckland, #NZ, is #hiring for a #SecurityAnalyst and #SecurityEngineer. We are a cloud-native organization that delivers APIs for some of the world's leading fast-food restaurants, and are looking for people with experience in #appsec, #compliance, #GDPR, and reviewing and improving security posture. #fedihire #hiring Security Analyst: https://plexure.breezy.hr/p/65e1bdf956b5-security-analyst?state=published
Security Engineer: https://plexure.breezy.hr/p/0229cfabdbaf-security-engineer?state=published