SIEM 103 — Detect Windows bruteforce part 2
This post is a follow-up to SIEM 102 — Detect Windows bruteforce, where I explained how to create a detection use case for a Windows brute-force attack.
In this post I will explain how to enhance the original detection logic so that it produces a lower false positive rate.
As I explained in the last section of the initial post, it is important to manage false positives (FP). Over the past few months I spent some time looking for ways to reduce FP, and this post summarizes them.