I totally forgot about this place!! But hey maybe I should be involved again.

To my #CTI #SOC folks out there, what do you do with the massive scanning IP threat feeds? Are you ingesting them into SIEM for alerting?

If you are ingesting bot IPs and scanning IPs, what confidence and severity level do you set your threshold to ingest high fidelity indicators?

I want to know what everyone’s thoughts and strategies are on ingesting low-yield indicators.

#threatintel
#ioc
#soc
#threathunting
#thrunting
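One concrete way to apply the confidence/severity threshold the question asks about, as an added example (not code from the thread or from any feed vendor): a small Python filter run over a constructed scanner/bot IP feed before anything reaches the SIEM. The feed fields, the 0-100 confidence scale, the stricter bar for scanner/bot tags and the cut-off values are all assumptions.

```python
"""Threshold filter for a scanning/bot IP feed before it reaches the SIEM.
Added example, not from the thread; feed fields and threshold values are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Indicator:
    ip: str
    confidence: int          # 0-100 vendor confidence score (assumed scale)
    severity: str            # "low" | "medium" | "high"
    tags: frozenset          # e.g. {"scanner"}, {"bot"}, {"c2"}
    last_seen: datetime

def filter_feed(feed, now, min_confidence=75, min_severity="medium",
                max_age=timedelta(days=7), noisy_tags=frozenset({"scanner", "bot"}),
                noisy_min_confidence=90):
    """Return indicators worth alerting on, deduplicated by IP.
    Scanner/bot IPs are high-noise, so they must clear a stricter confidence bar."""
    best = {}
    for ind in feed:
        if now - ind.last_seen > max_age:                      # stale: scanner IPs churn fast
            continue
        if SEVERITY_RANK.get(ind.severity, 0) < SEVERITY_RANK[min_severity]:
            continue
        bar = noisy_min_confidence if ind.tags & noisy_tags else min_confidence
        if ind.confidence < bar:
            continue
        if ind.ip not in best or ind.confidence > best[ind.ip].confidence:
            best[ind.ip] = ind                                  # keep the strongest sighting
    return sorted(best.values(), key=lambda i: (-i.confidence, i.ip))

# Constructed sample feed (addresses from the 203.0.113.0/24 documentation range)
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SAMPLE_FEED = [
    Indicator("203.0.113.10", 95, "high", frozenset({"c2"}), NOW - timedelta(days=1)),
    Indicator("203.0.113.20", 80, "medium", frozenset({"scanner"}), NOW - timedelta(days=1)),  # scanner under 90
    Indicator("203.0.113.30", 92, "medium", frozenset({"scanner"}), NOW - timedelta(days=2)),
    Indicator("203.0.113.40", 99, "high", frozenset({"bot"}), NOW - timedelta(days=30)),       # stale
    Indicator("203.0.113.50", 85, "low", frozenset({"scanner"}), NOW - timedelta(days=1)),    # severity too low
    Indicator("203.0.113.30", 70, "medium", frozenset({"scanner"}), NOW - timedelta(days=3)),  # duplicate, weaker
]

def high_fidelity_ips(feed=SAMPLE_FEED, now=NOW):
    """IPs that survive the thresholds, strongest first."""
    return [i.ip for i in filter_feed(feed, now)]

if __name__ == "__main__":
    print(high_fidelity_ips())   # ['203.0.113.10', '203.0.113.30']
```

Lowering `noisy_min_confidence` shows the trade-off directly: every point you shave off the scanner/bot bar lets more of the feed through as alerts.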

@trojanfoxtrot depends on the size of your networks, but « high noise - low value » alerts are generally not worth it, except if you have the budget for extra analysts