First and foremost, I would like to thank Gerald Auger from Simply Cyber for creating an incredibly informative YouTube video featuring SOC Expert Eric Capuano. It was through Auger’s video that I discovered Eric’s remarkable blog post titled “So You Want to Be a SOC Analyst?” I am truly grateful for their valuable insights and guidance, as they played a significant role in helping me build this lab. Here’s the link if you’d rather follow it: https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro

Resources

As promised in the video, I talk about FP tuning and really getting to know your telemetry to be able to distinguish whether an action is normal or not. The best way to get experience is by getting as much as possible to gain familiarity. Here are some resources to be able to do so:

Ready for more? Get ready for part 6, where we begin playing with more advanced capabilities using YARA scanning! See you guys in the next one! Remember to stay legendary!
