By Dan Ramaswami
As soon as football season rolls around and I start to see pumpkins on doorsteps, I start to think about holiday dinners. What’s the menu, and are there any new recipes, say for turkey? Is there some new cooking method we should try – fried, or maybe smoked? After searching for a while, I realized that the basics are pretty much the same from one cooking method to another. As long as you don’t turn it into sawdust, everyone is generally pretty happy to eat turkey! But the real difference comes down to the mix of spices and its appeal to the family and friends we plan to share this with.
It got me thinking that finding the right spice recipe for just the right roasted turkey is similar to how we work with our clients to create actionable alerts within Netography Fusion®. Granted, the ingredients we need to create an actionable alert focus on the right data and organizational context – not salt, pepper, thyme, lemon, butter, etc. Instead, our recipe includes things like host, user, application, and governance and compliance information. But you see where I’m going with this, right?
To take this analogy a little further, there are many questions surrounding the event itself I need to ask before I can RSVP. Are we available on the date and time? What’s the dress code? What will be served and what else can or should we bring? Think of these questions as the location or organizational-specific information you also need to help determine what actions to take.
All of this data comes together (like the recipe below) and results in our action to attend, or not to attend. Similarly, the right combination of context and data points is what makes alerts actionable.
So, here’s my recipe for how to create an actionable alert.
Preheat SOC to 325 degrees.
Take 1 whole detection.
Mix together:
Apply liberally to the detection.
Bake in the SOC until the desired doneness is reached, basting frequently.
Remove from the SOC and serve immediately to the incident response team.
Note: While you should rest a turkey to allow it to set up, we all know if we let an incident rest the attackers will definitely get set up, so do not rest!
Nutritional recommendations:
This meal should be consumed quickly, frequently, and adjusted for your tastes as needed.
Sourcing ingredients:
Netography makes it easy to source all the ingredients you need. There’s no need to wait until you get an alert and then look for and apply context from different tools and signaling technologies, or wait until the data gets into the SIEM so you can send a query that might take hours to process. Instead, we enrich cloud and on-prem network flows and metadata with context at the time of ingestion.
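The recipe above, worked through as an added Python example (this is not Netography's code; the context tables, field names and scoring weights are constructed assumptions): a raw detection is enriched with host, user, application and compliance context at ingestion, and only then scored to decide whether it goes to the incident response team.

```python
"""Enrich a detection with organizational context at ingest, then decide
whether it is actionable. All lookup tables below are constructed stand-ins
for a CMDB, identity provider, application inventory and governance policy."""
import ipaddress
from dataclasses import dataclass, field

# Constructed asset context: hostname, business criticality, compliance scope.
HOSTS = {
    "10.0.5.12": {"name": "db-prod-01", "criticality": "high", "scope": ["PCI"]},
    "10.0.9.40": {"name": "kiosk-lobby", "criticality": "low", "scope": []},
}
# Constructed user and application context (who is on the host, what the port is).
USERS = {"10.0.5.12": "svc-billing", "10.0.9.40": "guest"}
APPS = {22: "ssh", 443: "https", 3306: "mysql"}
# Constructed governance rule: destinations a PCI-scoped asset may not talk to.
BLOCKED_EGRESS = {"PCI": ["198.51.100.0/24"]}  # RFC 5737 documentation range

@dataclass
class Detection:
    src: str
    dst: str
    dst_port: int
    signature: str
    context: dict = field(default_factory=dict)

def enrich(det: Detection) -> Detection:
    """Attach the 'ingredients' to the detection as it is ingested."""
    host = HOSTS.get(det.src, {"name": "unknown", "criticality": "unknown", "scope": []})
    dst_ip = ipaddress.ip_address(det.dst)
    det.context = {
        "host": host["name"],
        "criticality": host["criticality"],
        "scope": host["scope"],
        "user": USERS.get(det.src, "unknown"),
        "application": APPS.get(det.dst_port, f"tcp/{det.dst_port}"),
        # Compliance view: is this flow leaving a regulated asset for a blocked range?
        "policy_violation": any(dst_ip in ipaddress.ip_network(net)
                                for s in host["scope"] for net in BLOCKED_EGRESS.get(s, [])),
    }
    return det

def score(det: Detection) -> int:
    """Weight the same detection differently depending on its context."""
    s = {"high": 50, "medium": 25}.get(det.context["criticality"], 5)
    s += 30 if det.context["policy_violation"] else 0
    s += 20 if det.context["user"].startswith("svc-") else 0  # service accounts rarely browse
    return s

def triage(det: Detection, threshold: int = 60) -> str:
    """Serve to incident response only when enriched score clears the bar."""
    enrich(det)
    return "actionable" if score(det) >= threshold else "informational"
```

The same signature fired from the PCI database server and from a lobby kiosk produces two very different outcomes, which is the point of adding context before, not after, the alert reaches an analyst.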
Obviously, this recipe is tongue-in-cheek. But the work we do with customers is no joke. Leveraging our Netography Fusion platform, we make it easy to bring in organizational-specific context and data to create high-fidelity, actionable alerts. Instead of “sifting” (pun intended) through logs, tables, and spreadsheets manually searching for data to determine if an alert is important or, worse, becoming desensitized to alerts due to overload, our simple recipe ensures teams focus on alerts that matter.
The post Recipe for an Actionable Alert appeared first on Netography.
*** This is a Security Bloggers Network syndicated blog from Netography authored by Netography Team. Read the original post at: https://netography.com/recipe-for-an-actionable-alert/