SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThe goal of this paper is to explain how to use a SIEM effectively to identify and respond to security threats. The paper begins with level set information including definitions, capabilities requirements, architecture and a business case. Later I will cover aggregation and correlation design concepts, with real world examples including architectural design, risk based profiling, finite state engines, and merging traditional network operations data into security operations tools for improved detection.