Building Your Baseline Rule Development
Speaker: Nathan Shanks, Chief Security Architect, Strategic Enterprise Solutions
After you have completed the task of designing and deploying your SIEM, it’s time to get to work building logic that’s right for your enterprise. One of the advantages of centralizing data is the ability to normalize and categorize all the information. Leave your single signature-based rules behind and learn how to develop category-based rules that will give you the framework needed to stay general or specific as needed.