@Evgeny Belenky yeah, "alert fatigue" is also a consequence of the human factor.
Without a continuous process of SOC software configuration, the SOC will face this "alert fatigue" issue.
One more thing is gaps between different parts of the SOC team. Multi-experts are great,…
SOC is the heart of your infrastructure security, a centralized system management mechanism, a collaboration of people and software. It is designed to detect anomalies, highlight real threats in them, and respond to these threats appropriately.
SOC has a complex structure…
Try Open Threat Exchange (otx.alienvault.com). The best one, and now researchers from AlienVault are a part of AT&T, so they have really great data sources and expertise in threat hunting.
TLDR
SIEM:
Security information management: Long-term storage as well as analysis and reporting of log data.
Security event manager: Real-time monitoring, correlation of events, notifications, and console views.
SOAR:
SIEM + Threat Intelligence (IoCs, AI, etc.),…
In general, you will have the same problems with any software for log analysis in DHCP environments. But you can use FQDN and can also install agents on assets with dynamic IP.
But really, you will have some difficulties with asset and vulnerability management. Try to use…