Demystifying correlations in the Unified Security Operations Platform

preview_player
Показать описание
In this episode, we dive into the power of correlation - a tool that can give you an edge over attackers through proactive and efficient defense. We'll explore why incident correlation is essential for enhancing your security operations and how it can help you stay ahead of potential threats. Through Tiander's demo, you will learn key concepts and strategies needed to successfully align your SOC processes with correlation techniques. Join us for your gateway to correlation clarity.

  1. Microsoft Security Community
Рекомендации по теме
Demystifying correlations in 0:28:02

Demystifying correlations in the Unified Security Operations Platform

Demystifying XDR: What's 0:23:28

Demystifying XDR: What's the 'real' XDR and how can it transform your security strate...

useR! 2019 Toulouse 0:18:14

useR! 2019 Toulouse - Talk Biostatistics & Epidemology 2 - Antonio Gasparrini

David Schmid - 0:26:20

David Schmid - The interplay of entanglement and nonlocality demystified

SREcon19 Asia/Pacific - 0:23:11

SREcon19 Asia/Pacific - Unified Reporting of Service Reliability

Demystifying Technology Adoption 0:19:57

Demystifying Technology Adoption through Implementation of a Multilevel Technology Acceptance

OSS Log Management 0:38:46

OSS Log Management with Fluentd - Kiyoto Tamura

SREcon17 Americas - 0:40:58

SREcon17 Americas - Reducing MTTR and False Escalations: Event Correlation at LinkedIn

Fundamentals of Cisco's 0:13:01

Fundamentals of Cisco's Unified Computing System, podcast 296

Unified Monitoring: Introducing 0:03:12

Unified Monitoring: Introducing AppDynamics Network Visibility

EMC Unified Infrastructure 0:07:17

EMC Unified Infrastructure Manager - Operations 3.0 Demo

Demystifying Network Analytics 0:51:07

Demystifying Network Analytics | GT Hill and Anand Srinivas | WLPC US Phoenix 2017

Nexus Insights 5.0: 0:04:08

Nexus Insights 5.0: Unifying Network Insights Resources and Advisor

Demystifying the Misconceptions 0:27:03

Demystifying the Misconceptions of Digital Experience Platforms (DXPs) | MarTech Conference 2022

05.24.2022 - SD-WAN 0:46:07

05.24.2022 - SD-WAN Demystified - Session 1

Cisco Unified Computing 0:08:19

Cisco Unified Computing System: Faults and Alerts

Comprehensive NetOps and 0:30:05

Comprehensive NetOps and Visibility with Cisco Nexus Dashboard

WAS: Logs and 0:11:30

WAS: Logs and Traces - Part 2

AGI: Comparing Renormalising 0:28:47

AGI: Comparing Renormalising Generative Models (RGMs) with Action Perception Divergence (APD)

Emil Hvitfeldt | 0:19:07

Emil Hvitfeldt | tidyclust - expanding tidymodels to clustering | RStudio (2022)

Webinar - Demystifying 1:03:11

Webinar - Demystifying Orchestration and Assurance Across SDN, NFV and CE 2.0

Data Engineers Challenges 0:50:12

Data Engineers Challenges Demystified [English]

LF Live Webinar: 0:54:27

LF Live Webinar: Using OpenTelemetry and Instana Together for Maximum Observability

Daniel Worrall: Understanding 1:00:01

Daniel Worrall: Understanding and Generalising the Convolution

Комментарии
Автор

Hi! We have a separate team that handles Purview incidents - and they seem to be creating thousands of alerts (ie, one for each file). When we enable Unified SOC with XDR, all those thousands of alerts come into Sentinel incidents, and also get correlated to other alerts, and even get correlated into "multistage incidents" with themselves.

We'd love a way to not have correlation view Purview/DLP alerts, or add exclusions. Is there a way to do this?

Feel free to reach out to me on the Customer CCP as well :)

jremy
Автор

Things I hate:

1. The use of the word Demystifying in presentations
2. Misuse of the word Depreciation

saus