Today's incident: SIEM detects suspicious user-agent.

Tracing through the events, it looks like the cause is a user using a Chinese browser to read Chinese books.

As far as incidents go, this one's not so bad. And it provided a useful framework to talk about how the detection works.