Standardizer - A Standardization Framework for Your Security Alerts

Explore a standardization framework for security alerts in this conference talk from Circle City Con 2019. Learn about the Standardizer tool, which addresses common problems in alert management. Discover how to implement standardized emergency response metadata, create feedback loops, and handle core data effectively. Dive into topics such as short name linting failures, valid tactics, spawn queries, and transformations. Gain insights on secondary operations, Confluence integration, search stanzas, and the CI process. Watch a demonstration of custom issue types, issue keys, data sources, and extended responses. Understand how to leverage Bitbucket, Splunk, and other tools to improve your security alert workflow.

Intro
Welcome
Background
Problems
Bitbucket
Splunk
Summary
Standardized ER
Metadata
Feedback loop
Deeper souptonuts
Core data
Short name
linting failures
valid tactic
spawn query
transformations
Secondary operations
confluence
Search stanzas
PR links
CI process
Application
Demo
Custom issue type
Issue Key
Data Source
Issue Summary
Repos
Extended Response
Spunk
Conflict parser