Security Operations
From alert to decision
The route into security operations: how to assess alerts, filter out false positives, and spot real incidents before they grow.
Topics
- SIEM: connecting log sources, writing rules, reducing noise
- Reading EDR and endpoint telemetry properly
- Network and host forensics: finding and interpreting traces
- Alert triage: prioritising under time pressure
- Incident response: contain, eradicate, document
- Using threat intelligence meaningfully — instead of collecting feeds