AI in a SOC shouldn’t be “push button, solve security.” It’s better as a force multiplier: faster triage, cleaner investigations, safer automation, and way less copy/paste misery.

I also get into the guardrails that actually matter (evidence-first summaries, human-in-the-loop, prompt injection, least privilege).

Read it here: https://www.kylereddoch.me/blog/putting-ai-to-work-in-the-soc/

#cybersecurity #SOC #SecurityOperations #AI #IncidentResponse #SIEM #SOAR

Are you using your #SIEM to detect #security threats in the most efficient and effective ways possible❓🤔 When you implement and fine-tune SIEM detections, you strengthen your security posture and become better able to strategically aligning with your business objectives.

Fine-tuning your SIEM detections specifically allows you to:
💡 Improve threat detection with smarter correlation
⬆️ Accelerate incident response
👀 Gain comprehensive visibility into your environment
☑️ Enable compliance and audit readiness
😌 Reduce alert fatigue

Read on, to learn about 6 specific steps you can take that will help you build fine-tuned detections and high-fidelity alerts.👇

https://graylog.org/post/6-steps-for-using-a-siem-to-detect-threats/ #ThreatDetection #IncidentResponse #TDIR #CyberSecurity

Assessing SIEM effectiveness: https://securelist.com/siem-effectiveness-assessment/118560/

#soc #siem

Как интегрировать аудит-логи с SIEM: от теории к практике на Wazuh и RuSIEM

Недавно мы в Selectel запустили систему аудит-логов . Она предназначена для централизованного сбора и анализа событий, возникающих при работе сервисов Selectel. А также — обеспечивает единый доступ к операционным и административным действиям, фиксирует различные события с ресурсами аккаунта и помогает отслеживать потенциально подозрительные активности. Важным фактором для удобства расследований и анализа является формат самих аудит-логов. Он должен быть структурированным и единообразным вне зависимости от части системы, где происходит события. При этом — достаточно информативным, чтобы можно было установить обстоятельства события. При должном подходе аудит-логи — не просто набор технических сообщений, а инструмент, который помогает как предотвращаь проблемы, так и эффективно расследовать их при необходимости. Но чтобы начать анализировать события, которые происходят в системе, нужно сначала эти события получить и передать анализатору — SIEM-системе. Этому и будет посвящена данная статья.

https://habr.com/ru/companies/selectel/articles/981796/?utm_source=habrahabr&utm_medium=rss&utm_campaign=981796

#selectel #siem #информационная_безопасность

Как интегрировать аудит-логи с SIEM: от теории к практике на Wazuh и RuSIEM

Недавно мы в Selectel запустили

https://habr.com/ru/companies/selectel/articles/981796/

#selectel #siem #информационная_безопасность

❄️ Winter break is the perfect time to brush up on your Sigma rules! ❄️ With Sigma Specification 2.0 rules, #security teams can create vendor-agnostic detections without being limited by proprietary log formats. 🙌

So, security teams now have:
✅ New fields and modifiers that improve how security teams use the rules
✅ Correlation specifications to extend rules to more sophisticated detections
✅ Filters that reduce false positives
✅ #JSON schema to allow automation

Learn more about the key changes in Sigma v.2.0 and supporting Sigma v2.0 mapped to MITRE ATT&CK framework.

https://graylog.org/post/sigma-specification-2-0-what-you-need-to-know/ #SigmaRules #CyberSecurity #SIEM #InfoSec

🔍 Wazuh: A Solução SIEM Ideal para sua Empresa! 🛡️

O Wazuh é uma plataforma open source que oferece monitoramento de segurança robusto e resposta a incidentes. Com funcionalidades de SIEM e XDR, ele garante proteção em tempo real para ambientes on-premise e na nuvem, ajudando sua empresa a detectar e reagir rapidamente a ameaças.

👉 Descubra como o Wazuh pode fortalecer sua segurança: Wazuh: O SIEM Certo para sua Empresa

#Cibersegurança #Wazuh #SIEM #XDR #OpenSource

💡 As you build out your #security program, you should know some of the more critical #Windows Event IDs to monitor and what they mean. Read on to get a list of critical Event IDs for:

👉 Logon events
👉 Privilege use
👉 Windows Server
👉 Microsoft Defender Antivirus

Plus, learn how you can build a single source of log information that enables observability and visibility across your environment. 🙌

https://graylog.org/post/25-linux-logs-to-collect-and-monitor/ #CyberSecurity #SIEM #InfoSec #GraylogLabs

#siem —Map all your data models from sourcetype. Using #org files for all documentation. #knowyourdata. #emacs #doomemacs.

Here's a case that prompted a massive advance in cybersecurity measures in the United States. The Target data breach prompted the use of pin-and-chip cards and the adoption of SIEM. Here's how this incident sparked such a massive change in payment data protection.

#targetDataBreach #cards #creditCards #SIEM #paymentData #dataPrivacy #dataProtection

https://negativepid.blog/the-target-data-breach/
https://negativepid.blog/the-target-data-breach/

Is your business ready to handle today's cyber threats alone?

If not 1: You need an MSSP for Operational Support for filling the talent gap.
If not 2: You need an MSSP for Operational Support for managing the noise.
If not 3: You need an MSSP for Governance & Compliance (ensuring you meet legal standards).
If not 4: You need an MSSP for Strategic Maturity (moving from "fighting fires" to proactive protection).

https://linktr.ee/formafastconsulting

#Mssp #FORMAFAST #SEARCHINFORM #dlp #siem #ciso #rssi #dpo

Series: Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions

- Part 1: https://blog.nviso.eu/series/siem-log-collectors-scale-ansible-github-actions-devops/

#siem #logcollection #ansible #githubactions

🔍 Wazuh: A Solução SIEM Ideal para sua Empresa! 🛡️

O Wazuh é uma plataforma open source que oferece monitoramento de segurança robusto e resposta a incidentes. Com funcionalidades de SIEM e XDR, ele garante proteção em tempo real para ambientes on-premise e na nuvem, ajudando sua empresa a detectar e reagir rapidamente a ameaças.

👉 Descubra como o Wazuh pode fortalecer sua segurança: Wazuh: O SIEM Certo para sua Empresa

#Cibersegurança #Wazuh #SIEM #XDR #OpenSource

Curious what the top SOC trends were in 2025? Take a look. 👀👇

🤖 AI outpaced oversight
📊 Dashboards expanded while context thinned
⛅ Cloud costs quietly dictated security decisions
🔃 Process, not skill, slowed investigations
❗ API exposure grew faster than tracking

And there are more! See all of the top SOC trends from 2025 plus our top prediction for the SOC in 2026, in our latest blog.

https://graylog.org/post/2025-security-trends-that-defined-the-soc-and-what-2026-will-demand/ #SecurityOperations #SIEM #CyberSecurity #InfoSec

There's a new look to modern day #ransomware attacks (no) thanks to the Ransomware-as-a-Service (#RaaS) ecosystem. As attackers continue to automate spear #phishing and other processes, identifying and mitigating these email threats becomes both more important and more challenging. 😓 So, let's talk about how your team can improve their risk mitigation strategies.

In this article we review:
🎣 Phishing, spear phishing, and whaling
📧 Why ransomware email threats are so successful
🛡️ Best practices for mitigating these threats

Dig into the details of implementing email security, centralizing security data, integrating threat intelligence, identifying very attacked persons (VAPs), and more.

https://graylog.org/post/understanding-ransomware-email-threats/ #SpearPhishing #ThreatIntel #SIEM #CyberSecurity

Wondering how #DevOps, development, and AI-powered #dev tools will evolve and impact the industry in 2026? Several experts offer thoughtful, insightful, and even some controversial predictions — in this DevOps Digest article. ⬇️

🎤 Hear from several industry luminaries on the topic of AI-powered SDLC, including:
🔹 Sunil Senan, Infosys
🔹 Ensar Seker, SOCRadar
🔹 Rishi Chohan, GFT Technologies
🔹 Lee McClendon, Tricentis
🔹 Jithin Bhasker, ServiceNow
🔹 Emilio Salvador, GitLab
🔹 Greg Ingino, Litera
🔹 Nuha Hashem, Cozmo AI
🔹 Rohan Gupta, R Systems
🔹 Robert Rea, Graylog, Inc.
🔹 Ian Livingstone, Keycard

"In 2026, DevOps culture will be defined by systems that coach, correct, and collaborate alongside engineers." — Robert Rea CTO, #Graylog

https://www.devopsdigest.com/2026-devops-predictions-6 #CyberSecurity #InfoSec #SIEM #AI

Got questions about the National Security Division (NSD) of the U.S. Department of Justice's (DOJ) Data Security Program (DSP)? It was first implemented on Apr. 8, 2025, and the section focused on due diligence and audit requirements became enforceable as of Oct. 6, 2025.👮👀 Do your current compliance programs and data sharing activities need additional controls or processes to comply? 🤔

The DSP establishes export controls that seek to prevent access to bulk genomic, geolocation, biometric, health, financial, and other sensitive personal data by foreign adversaries and those subject to their control, jurisdiction, ownership, and direction. Read on to learn more about what's required of you with this new DSP, including:

❓ The type of data that falls within the DSP
🚫 How the DSP defines covered transactions and prohibited transactions
📋 The specific requirements for a compliance DSP program
✅ How to implement best practices for implementing and monitoring compliance with DSP #security requirements

It's possible to streamline your compliance processes while improving your overall security posture. See how. 👇

https://graylog.org/post/understanding-the-department-of-justice-doj-data-security-program/ #CyberSecurity #InfoSec #SIEM

🔍 Wazuh: A Solução SIEM Ideal para sua Empresa! 🛡️

O Wazuh é uma plataforma open source que oferece monitoramento de segurança robusto e resposta a incidentes. Com funcionalidades de SIEM e XDR, ele garante proteção em tempo real para ambientes on-premise e na nuvem, ajudando sua empresa a detectar e reagir rapidamente a ameaças.

👉 Descubra como o Wazuh pode fortalecer sua segurança: Wazuh: O SIEM Certo para sua Empresa

#Cibersegurança #Wazuh #SIEM #XDR #OpenSource