Using External Lookups to Increase the Alert Fidelity

  • Wednesday, 15 Dec 2021 12:00PM EST (15 Dec 2021 17:00 UTC)
  • Speaker: Chas Clawson

Low alert fidelity leads to high alert fatigue. We will discuss some techniques driving towards more true positives and more actionable alerts through external lookups, enrichments and entropy calculations.

In this session, we'll discuss:

  • Making better use of threat intelligence
  • Leveraging Alexa rankings and domain age
  • Calculating Entropy Scores on domain names to detect DGA
  • Tried and true geo-location lookups within a SIEM
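As an added illustration of the entropy and popularity-lookup ideas above (example code written for this page, not material from the session or the speaker): the script scores the registered label of each queried domain by Shannon entropy, gates short labels (whose entropy is bounded by log2 of their length), and skips domains on a popularity allow-list. The log format, the allow-list contents, the threshold values and the naive two-label "registered domain" split are all constructed assumptions to be replaced with your own DNS baseline and ranking feed.

```python
import math
import re
from collections import Counter

# Constructed stand-in for a popularity ranking (e.g. a top-N domain list).
TOP_DOMAINS = {"google.com", "microsoft.com", "github.com"}

ENTROPY_THRESHOLD = 3.5   # bits per character; assumed, tune on your own baseline
MIN_LABEL_LEN = 12        # max entropy of a label is log2(len), so gate short ones

def shannon_entropy(s: str) -> float:
    """Shannon entropy (bits per character) of the string s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())

def registered_domain(fqdn: str) -> str:
    """Last two labels of the FQDN. Naive: no public-suffix list (assumption)."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def score_domain(fqdn: str) -> dict:
    """Entropy score plus a verdict combining allow-list, length gate and threshold."""
    reg = registered_domain(fqdn)
    label = reg.split(".")[0]
    h = shannon_entropy(label)
    suspicious = (reg not in TOP_DOMAINS
                  and len(label) >= MIN_LABEL_LEN
                  and h >= ENTROPY_THRESHOLD)
    return {"fqdn": fqdn, "label": label, "entropy": round(h, 3), "suspicious": suspicious}

# Constructed DNS log lines in an assumed key=value format.
DNS_LOG = [
    "2021-12-15T17:00:01Z src=10.0.0.5 query=mail.google.com",
    "2021-12-15T17:00:02Z src=10.0.0.7 query=xk3j9qv2mzp8wt5rh.net",
    "2021-12-15T17:00:03Z src=10.0.0.9 query=cdn.wikimediafoundation.org",  # long real word, ~3.41 bits
    "2021-12-15T17:00:04Z src=10.0.0.5 query=a1b2c3d4e5f6g7h8.github.com",  # allow-listed registered domain
]

QUERY_RE = re.compile(r"\bquery=(\S+)")

def find_suspicious(lines):
    """Return score records for every log line whose queried domain looks DGA-like."""
    results = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            rec = score_domain(m.group(1))
            if rec["suspicious"]:
                results.append(rec)
    return results

if __name__ == "__main__":
    for rec in find_suspicious(DNS_LOG):
        print(rec)
```

The wikimediafoundation line sits just under the threshold on purpose: long dictionary words score high on raw entropy, which is why a popularity or age lookup belongs alongside the entropy score rather than replacing it.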