Keeping up with the Joneses: SIEM Rules Edition, presented at BSidesPhiladelphia 2019

by Kevin Ascoli

Summary: Keeping up with the evolving landscape of threats and attacker techniques can feel like an uphill battle. Many environments use a Security Information and Event Management (SIEM) platform to perform log correlation and analysis, and keeping its rules current is a challenge. To ease the burden of "keeping up with the Joneses" in SIEM rules, this presentation will detail a new initiative to develop, share, and assess the latest and greatest in alerting logic: the Threat Alert Logic Repository (TALR). TALR is a repository of approved SIEM rules, designed for quick and easy translation into the SIEM tool of your choice. The repository will be publicly hosted and will serve to keep SIEM engineers and analysts up to date on alert logic. Attendees will gain a comprehensive overview of TALR, as well as of other SIEM rule-sharing initiatives, and will understand how to incorporate them into their own environments as a way to remain on the cutting edge of alerting logic.