We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

PACKET HACKING VILLAGE - How to Tune Automation to Avoid False Positives

1
 Cite
 Share
 Download
 Purchase
No logo availableDEF CON
 Ziabari, Gita

Formal Metadata

Title
PACKET HACKING VILLAGE - How to Tune Automation to Avoid False Positives
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to deploy automation to accelerate response time, consistency, scalability and efficiency. This talk will cover techniques to design a reliable automated tool in security. We will discuss about techniques of tunning the automation to avoid false positives and the many struggles we have had in creating appropriate whitelists. We will walk through steps of creating an automated tool and the essential factors to be considered to avoid any false positive.