Tristan’s Cybersecurity Substack

SIEM / SOC / MDR

SIEM 103 — Detect Windows bruteforce part 2

Tristan Dostaler
Jun 04, 2022

This post is a follow-up to SIEM 102 — Detect Windows bruteforce, where I explained how to create a detection Use Case for a Windows bruteforce.

In this post I will explain how we can enhance the original detection logic so that it produces a lower False Positive rate.

As I explained in the last section of the initial post, it is important to manage False Positives (FP). Over the past few months I spent some time looking for ways to reduce FP, and this post summarizes them.

© 2026 Tristan Dostaler