ThetaPoint Blog

Your SIEM isn’t the Problem, but Your Model is (part 2)

The Model is your Tutor for your Analysts and your MSSP

The same set of facts and labels should be readily available regardless of who or what is doing analysis. When a common Model applies across the infrastructure, every investigation into an alert also presents the correct contextual data to the investigator, regardless of how familiar they are with the tooling or business itself. You no longer need to go digging around just to find out what is important about an asset. This consistency and immediacy make it easier to internalize the normal quirks and behaviors that help adjudication.…

Your SIEM isn’t the Problem, but Your Model is

If one of these statements sounds familiar, this blog post is for you:

“I’m not getting enough value out of my SIEM”

“My MSSP floods me with alerts that are not relevant, and they’re not willing or equipped to filter or make good judgements on their end for most of the cases they send”

“Our Junior Analysts have a hard time making heads or tails out of an alert”

First the good news: you are not alone. However, a single thread does link all of these problems to a common cause…