Developing and maintaining an effective SIEM often takes a small army, and can be quite vexatious. In this talk, the audience will be presented with a compilation of the best and most effective SIEM use cases. Gone are the days of noisy, false positive prone alerts – this talk is focused on high accuracy use cases only! We will tie these use cases back to activities performed by threat actors and red teams alike. This talk will be of interest to SOC analysts, security engineers and SIEM content developers.
Julian Pileggi is a Principal Incident Response Consultant at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations center team development. Prior to his employment at Mandiant, Julian worked at a large financial institution as a key member of their SOC team, helping to develop it into an industry leader in Canada.