I work as the Regional Manager at a Tech Services company.
Currently, I'm exploring open-source Network Analyzer and Network Configuration managers.
Which one would you recommend and why?
For Network Analyzer, you can use Elastiflow. It's pretty complete even though its development has stopped lately (we have recently deployed it in production for a customer). It is still just as good as it was a few years ago.
For Network Configuration Management, it really depends on the sets of features you're looking for. But, you can use the Ansible & Gitlab combo. We've written a full tutorial for it on our website: https://www.zen-networks.io/ne...
Hi SOC analysts and other infosec professionals,
Which standard/custom method do you use to decide about the alert severity in your SOC?
Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?
Hi @Evgeny Belenky,
I think as long as you do this thing manually, you will always have to be subjective. One will always say alerts from critical assets first, setting them with higher priority.
But the concept of threat intelligence will help. Threat intelligence feeds will help in improving information about the threats you are handling. Without this, your assets and rules you set will always say "hey, this is a serious malicious activity" with brief information unlike when you get feeds from various sources of threat intelligence.
Fighting alert fatigue - It's good to have playbooks do some repetitive work. If an alert is generated, instead of jumping into all of them as analyst, playbook will help you automate some activities like checking file hashes in virus total. At least in the end one will be getting alerts that matters most and with sufficient information added by playbooks.
Regional Manager/ Service Delivery Manager at ASPL INFO Services
20 January 22
Hi @Evgeny Belenky,
Below are a few strategies if taken into account can reduce cybersecurity alert fatigue in SOC.
1. Threat intelligence
2. Native integration
3. Machine learning
5. UEBA (User and Entity Behavior Analytics)
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote!
If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too!
Modern-day servers are robust enough to accommodate as many applications and processes as possible. Still, there is a limit to how much load a server can handle.
If your business does not heed the server constraints in time, you are bound to suffer from operational loss due to server downtimes. To closely monitor your server health, you must track specific metrics regularly.
Here are some s...
Collecting as many metrics, statuses, and logs about the servers is indeed the first step, you never know what data you will need to solve a particular problem. The second step is to process and correctly pinpoint where the network performance/behavior differs from the expected range/baseline.
Can your network monitoring software automate the obvious (execute remote corrective actions in response to alerts) and notify the IT person about only critical situations where the human needs to make a decision about the resolution options? We expect the network monitoring software today to do just that.
I would say NetCrunch can do it, but do you have any experience with other monitoring products that provide a similar type of monitoring experience for IT teams?
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why.
You can read user reviews for the Top 8 Network Monitoring Software Tools ...