DEATH & Security Architecture (blog) www.goblinloot.net
Deep inside the SIEM rabbit hole due to some new responsibilities, and it's depressing how easy it is to tune a SIEM and get actual high-fidelity alerting to avoid fatigue, yet the industry is plagued with it.
@og @cirriustech There's a RiskIQ touch point in Defender for Endpoint and Defender External Attack Surface Management.
@rakkhi There was a post on how Google are changing their posture to release public uses like GPT (because it's a huge profit-making opportunity), so I assume they are fully capable of achieving GPT-3-like technology.
@rakkhi There's been some other scary stuff come out from Microsoft this year too. They blogged on how they failed some pretty low-sophistication LSASS abuses.
@rakkhi Without going down the rabbit hole: Defender Antivirus is 7 components, so doing a dive into what the assessments are using is an important step. The report disabled a few components, so that's a consideration too. One of the reasons low sophistication works really well is that it looks a lot like normal activity, and vendors suffer from bias and will spend more time on the not-so-low-hanging fruit.
What are everyone's favourite books on intelligence analysis, investigation theory, etc.? I've gone through all the CIA content and am looking to push further over the holidays. Will probably finish up with a purchase of Chris Sanders' course.
@SwiftOnSecurity Bag of chemicals with electricity inside does the stupid. Responsibility of all bags of chemicals to mitigate stupid.
@paco When a doctor, lawyer, or government agency needs an important conversation with me, they just ring for 8 seconds and never contact me again. Email guarantees I can at least receive a single piece of information.
@adamshostack Is there an index I can check out before purchasing?
@dnsprincess WTF, Shift+Tab is a thing. Taking hours to sift through a hundred packet details tabs no more.