Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
Liam Stevenson, Associate Director of Technical Services within NCC Group’s Managed Detection & Response division, shows how to derive significant cost efficiencies in SIEM platform consumption with smart log ingestion utilizing pre-processing data pipelines and modern cloud services. Doing so significantly reduces data volumes to the SIEM without losing the residual value and accessibility of the underlying data.
Extending a Thinkst Canary to become an interactive honeypot
In this post we explore how to use the extensible nature of Thinkst Canary to build a high interaction honeypot.
Practical Machine Learning for Random (Filename) Detection
There is much hyperbole around machine learning and artificial intelligence in Managed Detection & Response. We detail when to apply it, and what reasonable results can be achieved, on a specific real-world problem.