SOAR solutions enhance security operations by combining orchestration, automation, and response capabilities. They streamline processes to boost efficiency and incident management for security teams.SOAR platforms improve cybersecurity by integrating disparate tools and data sources, facilitating a cohesive defense strategy. They enable security teams to automate repetitive tasks, streamline workflows, and respond to incidents swiftly. By leveraging intelligence-driven insights, SOAR allows...
@Chiheb Chebbi,
I hope the below test cases are helpful.
Test 1 - Recon: Password Spraying
Test 2 - Privilege Escalation (windows): Powershell Dropper Attacks
Test 3 - Lateral Movement: PsExec
Test 4 - Privilege Escalation (Linux): Failed Sudo
Test 5 - Malicious Code Execution: Eicar Malware Test File
Some examples
https://drertugrulakbas.medium...
As a rule, a SIEM correlation should:
1) Reduce events by 99.99% - raw events to correlations
2) Impact system performance by <1%
3) Produce Correlated Threats with >35% true positive rate on investigation
- 33% are usually false positives or misconfigurations (not real threats)
- 33% are usually unexplained, root cause not discernable
4) Result in <10% false negatives (missed threats)