Top SIEM Rules You Should Implement Today

BSidesROC 2018

Presented by: Julian Pileggi
Date: Saturday April 14, 2018
Time: 16:00 - 16:50
Location: Track 2

Developing and maintaining an effective SIEM often takes a small army, and can be quite vexatious. In this talk, the audience will be presented with a compilation of the best and most effective SIEM use cases. Gone are the days of noisy, false positive prone alerts – this talk is focused on high accuracy use cases only! We will tie these use cases back to activities performed by threat actors and red teams alike. This talk will be of interest to SOC analysts, security engineers and SIEM content developers.

Julian Pileggi

Julian Pileggi is a Principal Incident Response Consultant at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations center team development. Prior to his employment at Mandiant, Julian worked at a large financial institution as a key member of their SOC team, helping to develop it into an industry leader in Canada.
