How to Get Indicators from Local and Explainable Threat Intelligence for SOCs to Confidently Take Action
Resource Abstract: Cybersecurity offers a variety of tools to determine whether there has been an intrusion or whether there is untoward activity in the network. User behavior analytics (UBA), intrusion detection and prevention systems (IDS/IPS), web and next-generation firewalls, antivirus technology, security information and event management (SIEM) systems, and endpoint detection and response (EDR) tools can all find indicators of compromise (IoCs). IoCs can then be collected to find the root cause of an attack. These processes are never easy, and more often than not they are made harder by false positives, poor configurations, conflicting policies, and changing conditions within the network.