IOC match alerts: how do SecOps teams use them?

Hi, I would like to know how other security teams use the IOC match alerts. Where I work, we are using the IOC matches without any other IOC feed than the default feeds (US DHS AIS, ESET threat intel and Open Source Intel). Team members are complaining about the value of those alerts (people say they are mostly false positives). Does your SecOps team look at them? Are you pre-triaging them in a SOAR to bring relevant IOC matches to analysts?

What are you doing to avoid alert fatigue?

1 REPLY

In our security team, we proactively address IOC matches and combat alert fatigue by employing a pre-triage process through SOAR tools. This involves refining alerting criteria, incorporating targeted IOC feeds, and automating initial triage to filter out false positives. We maintain ongoing collaboration with analysts, conduct regular training, and periodically review IOC match criteria to adapt to evolving threats. This approach ensures that only relevant and accurate alerts reach analysts, mitigating the impact of false positives and enhancing overall threat detection efficacy.
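One concrete shape the pre-triage step described in the reply can take, written here as an added example rather than code from either poster or from any SOAR product. It uses the three default feeds named in the question; the per-feed weights, the allowlist entries, the thresholds and the sample alerts are all constructed assumptions that a team would replace with values derived from its own past triage outcomes.

```python
"""Pre-triage of IOC match alerts before they reach an analyst (added example).

Feed names come from the thread; weights, allowlist, thresholds and the
sample alerts below are constructed assumptions, not data from any real feed.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Per-feed prior: how often a match on this feed has historically been actionable.
# Constructed values; derive them from your own closed-ticket statistics.
FEED_WEIGHT = {
    "US DHS AIS": 0.6,
    "ESET threat intel": 0.7,
    "Open Source Intel": 0.3,
}

# Indicators known to be benign in this environment (constructed examples).
ALLOWLIST = {"updates.example-corp.internal", "cdn.example-vendor.net"}

# Indicators older than this are more likely to be stale or sinkholed.
MAX_IOC_AGE = timedelta(days=90)


@dataclass
class IocAlert:
    alert_id: str
    ioc: str
    ioc_type: str           # "domain", "ip" or "hash"
    feed: str
    first_seen: datetime    # when the feed first published the indicator
    event_time: datetime
    asset: str
    asset_criticality: int  # 1 (low) .. 3 (crown jewel), e.g. from the CMDB
    event_kind: str         # "dns_query", "connection" or "process_launch"


@dataclass
class TriageResult:
    ioc: str
    score: float
    verdict: str            # "escalate", "review" or "suppress"
    reasons: list[str] = field(default_factory=list)
    alert_ids: list[str] = field(default_factory=list)


def score_alert(a: IocAlert, now: datetime) -> tuple[float, list[str]]:
    """Return a 0..1 confidence that this single match deserves analyst time."""
    if a.ioc in ALLOWLIST:
        return 0.0, ["allowlisted"]
    score = FEED_WEIGHT.get(a.feed, 0.2)
    reasons = [f"feed prior {score:.1f}"]
    if now - a.first_seen > MAX_IOC_AGE:
        score *= 0.5
        reasons.append("stale indicator")
    # A bare DNS lookup is weaker evidence than an established connection or
    # an execution of a matching file.
    kind_mult = {"dns_query": 0.7, "connection": 1.0, "process_launch": 1.3}
    score *= kind_mult.get(a.event_kind, 1.0)
    reasons.append(a.event_kind)
    score *= 1 + 0.25 * (a.asset_criticality - 1)
    if a.asset_criticality >= 3:
        reasons.append("critical asset")
    return round(min(score, 1.0), 3), reasons


def pre_triage(alerts: list[IocAlert], now: datetime,
               escalate_at: float = 0.6, review_at: float = 0.3) -> dict[str, TriageResult]:
    """Merge duplicate matches per indicator, keep the strongest score, assign a verdict."""
    groups: dict[str, list[IocAlert]] = defaultdict(list)
    for a in alerts:
        groups[a.ioc].append(a)
    results = {}
    for ioc, group in groups.items():
        scored = [score_alert(a, now) for a in group]
        best_score, best_reasons = max(scored, key=lambda sr: sr[0])
        reasons = list(best_reasons)
        if len(group) > 1:
            reasons.append(f"{len(group)} alerts merged")
        if best_score >= escalate_at:
            verdict = "escalate"
        elif best_score >= review_at:
            verdict = "review"
        else:
            verdict = "suppress"
        results[ioc] = TriageResult(ioc, best_score, verdict, reasons,
                                    [a.alert_id for a in group])
    return results


def analyst_queue(results: dict[str, TriageResult]) -> list[TriageResult]:
    """Only escalate/review items, highest score first: what the analyst actually sees."""
    kept = [r for r in results.values() if r.verdict != "suppress"]
    return sorted(kept, key=lambda r: r.score, reverse=True)


def run_example() -> dict[str, TriageResult]:
    """Constructed sample alerts covering the allowlist, duplicate, stale and critical cases."""
    now = datetime(2024, 5, 1, 12, 0)
    d = timedelta
    alerts = [
        IocAlert("A1", "cdn.example-vendor.net", "domain", "Open Source Intel",
                 now - d(days=10), now - d(minutes=5), "wks-1", 1, "dns_query"),
        IocAlert("A2", "<constructed-sha256-placeholder>", "hash", "ESET threat intel",
                 now - d(days=5), now - d(minutes=3), "dc-01", 3, "process_launch"),
        IocAlert("A3", "bad.example.invalid", "domain", "Open Source Intel",
                 now - d(days=200), now - d(minutes=9), "wks-2", 1, "dns_query"),
        IocAlert("A4", "bad.example.invalid", "domain", "Open Source Intel",
                 now - d(days=200), now - d(minutes=8), "wks-2", 1, "dns_query"),
        IocAlert("A5", "198.51.100.23", "ip", "US DHS AIS",
                 now - d(days=30), now - d(minutes=1), "srv-fin-02", 2, "dns_query"),
    ]
    return pre_triage(alerts, now)


if __name__ == "__main__":
    for r in analyst_queue(run_example()):
        print(f"{r.verdict:8} {r.score:.3f} {r.ioc} {r.reasons} {r.alert_ids}")
```

Of the five constructed alerts only two reach the queue: the hash match executing on a critical asset is escalated, the AIS IP seen in a DNS lookup from a mid-criticality server is marked for review, and the allowlisted CDN domain and the two duplicate lookups of a 200-day-old open-source indicator are suppressed with their reasons recorded, so the suppression itself stays auditable.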