CSN19: Building Your Baseline Rule Development

Document created by jmerrill on Sep 12, 2010

Building Your Baseline Rule Development
Nathan Shanks, Chief Security Architect, Strategic Enterprise Solutions
Level: Intermediate
After you have completed the task of designing and deploying your SIEM, it’s time to get to work building logic that’s right for your enterprise. One of the advantages of centralizing data is the ability to normalize and categorize all the information. Leave your single signature-based rules behind and learn how to develop category-based rules that will give you the framework needed to stay general or specific as needed.
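As an added illustration (this is not material from the session or its author), the Python sketch below shows the idea in miniature: two log sources are normalized into one schema with an assumed `category` field, a signature rule stays tied to one source's message text, and a category rule matches across every source and can still be narrowed with an optional source filter. Field names, category labels and the log lines are all constructed here.

```python
import re
from collections import Counter

# Constructed raw log lines from two different sources (not from the session).
RAW_EVENTS = [
    "sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 4022 ssh2",
    "sshd[2231]: Failed password for root from 10.0.0.5 port 4023 ssh2",
    "Windows Security 4625: An account failed to log on. Account: bob Source: 10.0.0.5",
    "sshd[2231]: Accepted password for alice from 10.0.0.9 port 5000 ssh2",
    "Windows Security 4625: An account failed to log on. Account: carol Source: 10.0.0.5",
]

# Hypothetical normalization step: each parser maps a vendor-specific line onto a
# common schema whose "category" values are assumed names chosen for this example.
PARSERS = [
    (re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)"),
     lambda m: {"category": "Authentication/Failure", "user": m.group(1),
                "src": m.group(2), "source": "sshd"}),
    (re.compile(r"Accepted password for (\S+) from (\S+)"),
     lambda m: {"category": "Authentication/Success", "user": m.group(1),
                "src": m.group(2), "source": "sshd"}),
    (re.compile(r"4625: .*Account: (\S+) Source: (\S+)"),
     lambda m: {"category": "Authentication/Failure", "user": m.group(1),
                "src": m.group(2), "source": "windows"}),
]

def normalize(line):
    """Return the normalized event for a raw line, or an 'Unknown' category stub."""
    for pattern, build in PARSERS:
        m = pattern.search(line)
        if m:
            return build(m)
    return {"category": "Unknown", "src": None, "source": None, "raw": line}

def signature_rule(events):
    """Signature-style rule: bound to one source's message, so it misses the Windows failures."""
    return [e for e in events if e["source"] == "sshd" and e["category"] == "Authentication/Failure"]

def category_rule(events, threshold=3, source=None):
    """Category rule: counts Authentication/Failure per source address across all sources.

    Pass source="sshd" (or another source name) to make the same rule specific again.
    """
    per_src = Counter(
        e["src"] for e in events
        if e["category"] == "Authentication/Failure" and (source is None or e["source"] == source)
    )
    return {src: n for src, n in per_src.items() if n >= threshold}
```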