Detection Engineering without Alert Fatigue - Correlating Minor Detections
Offered By: NorthSec via YouTube
Course Description
Overview
Explore the challenges of balancing detection coverage and alert fatigue in a Security Operations Center (SOC) through this 25-minute conference talk from NorthSec. Discover how a custom platform leveraging the concept of indicators was developed to correlate minor or noisy detection logics. Learn about the toolset and implementation details used to monitor tens of thousands of endpoints effectively. Gain insights into how this platform has become a crucial tool for threat hunting and assists SOC analysts in their investigations. Understand the journey of building a detection engineering system that avoids common pitfalls, such as generating alerts for benign activities like executing the 'whoami' command.
Syllabus
NSEC2023 - Willy Wonka and the Detection Factory: Detection Engineering without Alert Fatigue
Taught by
NorthSec