<h1 id="the-future-of-siem">The Future of Siem<a aria-hidden="true" class="anchor-heading icon-link" href="#the-future-of-siem"></a></h1>
<ul>
<li><a href="/wiki/notes/52ldf4z80p3bq17ropr5vex">hadPresenter</a> <a href="/wiki/notes/el3lyt92nl7oavv3shk9r2k">@jeannie-warner</a> </li>
<li><a href="/wiki/notes/fLRYIQbFRfaAleFFXUF3m">hasTopic</a> 
<ul>
<li><a href="/wiki/notes/absydp73jtpwrni37egbrix">User and Behavior Analysis</a></li>
<li>need to collect more of the right data including creds</li>
<li>manual investigations lead to an incomplete outcome</li>
<li>"it's a whole new world", but our humans have a gap e.g. NTLM vs Kerberos</li>
<li><a href="/wiki/notes/m3xrcj8mzlswh55swcnwor8">Security Operations Center</a></li>
</ul>
</li>
<li>Four Attributes of Success:
<ul>
<li>"Assumed Breach" posture
<ul>
<li>"boring" is what wins</li>
<li>"offensive posture" : what if? zero trust initiatives;</li>
<li>NIST-800 needs teeth</li>
</ul>
</li>
<li>Understand What Normal Looks Like
<ul>
<li>"over 3/4 of attacks are using valid credentials"; compromised credentials</li>
</ul>
</li>
<li>Embrace Automation
<ul>
<li>"They'll yell at me" is a real reason IT won't do things</li>
</ul>
</li>
<li>Think Like the Business
<ul>
<li>speak to the business in a language they understand</li>
<li>adopt a risk-based approach for users, roles, and assets</li>
<li>respond to cybersecurity events the way a good business responds to market conditions</li>
<li>elevate cybersecurity as a strategic partner versus a cost center</li>
<li>constant team education and improvement</li>
</ul>
</li>
</ul>
</li>
<li>Where to begin:
<ul>
<li>audit existing capabilities</li>
<li>assess your staff workflow and workloads</li>
<li>determine the most business-critical use cases by asking
<ul>
<li>can you support them with your existing skills, technology, data</li>
<li>are you mapping log sources and events to the mitre attach chain</li>
<li>"<a href="/wiki/notes/u6jm1c998fkp4ipicwl9rjl">first times are interesting</a>"</li>
</ul>
</li>
<li>communicate the business value you are driving</li>
</ul>
</li>
</ul>
<hr>
<strong>Backlinks</strong>
<ul>
<li><a href="/wiki/notes/leiouwjn4tf8akfdfvf1ip2">Cybersecurity Summit Los Angeles 2022</a></li>
</ul>

The Future of Siem

public-notes


Welcome! And beware!  

## Purpose

This vault is the "[[learning-in-public|ar.swyx.learn-in-public]]" part of my Second Brain. If you share some of my interests, please [reach out](https://djradon.github.io)! 

## Contents

- [[t]] my personal wikipedia
- [[idea]] (not necessarily mine)
- Resource Notes, including highlights, thoughts and metadata, for various things:
  - [[ar]] mostly articles, papers and web pages
  - [[book]]
  - [[community]]
  - [[course]]
  - [[event]]
  - [[game]]
  - [[loc]]
  - [[org]]
  - [[user]] 
  - [[prdct]] mostly software products, but also ontologies
  - [[recipe]]
  - [[video]] movies, tv episodes, youtube, etc
- [[vs]]
- [[wanted]]
- Some "Metadata Notes":
  - [[tags]] which may refer to any and multiple (or none) of the above
  - [[c]]: ways to categorize resources
  - [[p]]: ways to assert things about resources (mostly abandoned)

In terms of the [[t.km.zettelkasten]] method, this wiki is a commingling of literature notes with something @Sönke-Ahrens warned about: a "personal Wikipedia or a database" [^1]. 

In terms of [[t.tm.getting-things-done]], it's references, someday-maybe, next actions, and public projects.

## Beware!

This is a cluttered cupboard of jumbled jottings riddled with inaccuracies, confusion, and mistakes.

## What This Is Not

- evergreen-notes/digital-garden: for "synthesized" / original-ish publishable big-idea notes that should evolve over time, props to @andy-matuschak and @maggie-appleton
- blog: for "point-in-time" items to be shared: personal news, articles, etc.
  - e.g., [[ar.substack.carpe-noctem]]


[^1]: [[book.how-to-take-smart-notes]]  