Make Alerts Great Again
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore effective strategies for creating and maintaining actionable security alerts in this BSidesSF 2017 conference talk. Learn how Yelp's security team developed tools and processes to improve alert management, increase the signal-to-noise ratio, and streamline incident response. Discover techniques for standardizing alert definitions, implementing self-service alerts, and establishing visibility into alert frequencies. Gain insights into overcoming common pitfalls, such as noisy or insufficient alerts, and learn how to test and maintain alert effectiveness. Understand the importance of creating runbooks, assigning ownership, and measuring success in alert management. Apply these lessons to enhance your security team's efficiency and free it to focus on more critical tasks.
Syllabus
Introduction
Microservices
Security Pipeline
Common Pitfalls
No Standards
Yelp's Standards
Lack of Visibility
Actionability
Email Alerts
Email Events
Solutions
SLA
Actionable alerting service
Self-service alerts
Self-service alert example
Assigning ownership
Alert standardization
Testing
False Positives
Measuring Success
Recap
Taught by
Security BSides San Francisco
Related Courses
Information Security Management in a Nutshell
SAP Learning
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera
Enterprise Security Fundamentals
Microsoft via edX
Planning a Security Incident Response
Microsoft via edX
Introduction to Cybersecurity
Udacity