Read the original article: Cross-post: Detecting Threats by Matching Threat Intel to Logs — Oh Really?
[Posted on behalf of Anton Chuvakin Security Strategy – Chronicle Google]
A lot of people seem to think that matching technical threat intelligence (TI) to logs for threat detection is a great idea. Some people also think this is very easy.
But before we go there… Did I just use the phrase “threat intelligence” to mean “threat data feeds”? Yes, I did. Frankly, I am tired of fighting this battle (“No, you dummy, this list…