Post AS6fG4sR5WrWPc8OsC by zate@infosec.exchange
Post #AS6f2yJGC6FUHNQqJM by seb@ioc.exchange
       2023-01-28T15:49:46Z
       
       0 likes, 0 repeats
       
       Good Morning #infosec fedi! What is your favorite cloud SIEM?
       
Post #AS6fG4sR5WrWPc8OsC by zate@infosec.exchange
       2023-01-28T15:52:07Z
       
       0 likes, 0 repeats
       
       @seb Splunk.
       
Post #AS6fgT69elv13v8SOG by mttaggart@fosstodon.org
       2023-01-28T15:56:53Z
       
       0 likes, 0 repeats
       
       @seb Sentinel. Love me some KQL.
       
Post #AS6floKo7zJWNDXKgS by arichtman@mastodon.online
       2023-01-28T15:57:52Z
       
       0 likes, 0 repeats
       
       @seb > favorite
       Implying we don't dislike most
       
Post #AS6i24nsrdaDzc1LJQ by omartwotone@ioc.exchange
       2023-01-28T16:23:14Z
       
       0 likes, 0 repeats
       
       @seb team splunk 👍
       
Post #AS6jVFjlOOCWFqZNDs by cy@ioc.exchange
       2023-01-28T16:39:43Z
       
       0 likes, 0 repeats
       
       @seb Only ever used Splunk, Datadog, and Panther. I’m leaning more towards Panther for detections and Splunk for investigations/hunting. Splunk is way too expensive though. :ablobthirst:
       
Post #AS6jaSbmxqk7ceK48W by seb@ioc.exchange
       2023-01-28T16:40:39Z
       
       0 likes, 0 repeats
       
       @cy Nice! What's wrong with DataDog?
       
Post #AS6kxEJQNp4ntk9cEC by cy@ioc.exchange
       2023-01-28T16:55:59Z
       
       0 likes, 0 repeats
       
       @seb their pricing model didn’t work for us (ended up being way too expensive), and during the short ish amount of time we had it, I didn’t feel like we got what we needed out of it. Mostly due to the lack of detection-as-code and data retention being an issue. Also felt like the query language felt a bit more restrictive than Splunk or Panther. There are some nice things tho, like having a lower learning curve and being able to write detections across multiple log sources out of the box.
       
Post #AS6lROuHYdgFRZmSIa by cy@ioc.exchange
       2023-01-28T16:59:07Z
       
       0 likes, 0 repeats
       
       @seb but the nice thing is they are rapidly improving their product and some of the problems we had before might not even be an issue anymore
       
Post #AS6lRPMdrCMirX36VE by seb@ioc.exchange
       2023-01-28T17:01:25Z
       
       0 likes, 0 repeats
       
       @cy Yeah. I'm playing around with it - The usability is impressive. Building detection rules is intuitive and real quick.
       
Post #AS6lfzzCUiLkUu2f6u by cy@ioc.exchange
       2023-01-28T17:04:04Z
       
       0 likes, 0 repeats
       
       @seb switching to Panther definitely made me appreciate how intuitive and easier to use Datadog was 😂
       
Post #AS70rXFYevq0A3eUaW by jamesmonek@infosec.exchange
       2023-01-28T19:54:12Z
       
       0 likes, 0 repeats
       
       @seb we send everything to our ELK stack.
       
Post #AS7HFycY9413Gc5C9g by TheRealRichii@toot.geeky.af
       2023-01-28T22:57:54Z
       
       0 likes, 0 repeats
       
       @seb InsightIDR, but I’m biased 🤣 I’d also argue that any platform that doesn’t have detection capabilities out of the box isn’t SIEM, it’s log storage.
       
Post #AS7HQ26Y2zBgy3uRuK by seb@ioc.exchange
       2023-01-28T22:59:44Z
       
       0 likes, 0 repeats
       
       @TheRealRichii Agreed. Never got to see InsightIDR in action anywhere. Do you have a video of what it looks like?
       
Post #AS7HkuBwf8NQVWO1yK by TheRealRichii@toot.geeky.af
       2023-01-28T23:03:29Z
       
       0 likes, 0 repeats
       
       @seb Probably the little video on the ol’ company YouTube channel is the best place to start: https://youtu.be/99ubvZq8oUk