
Creating SIEM Alerts To Detect Attacks

Posted by Cygilant Labs on Feb 13, 2018

A good portion of the security research at Cygilant centres on alerting. For us, an alert occurs when a data point in a log message contains a value we were waiting to see. These data points are usually values such as IP addresses, authentication statuses, network protocols or error codes. This work is ongoing because there are continually new and better ways to determine whether something unusual or nefarious is occurring on systems. The log messages we parse come from devices and applications deployed within the environment and are commonly referred to as SIEM (security information and event management) data. Most of the hardware and software you are familiar with produces SIEM data, which makes it useful for determining what is happening on the systems you are monitoring.
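The kind of alert described above, as an added example that is not code from the original post or from Cygilant: a small matcher that parses key=value style log lines into data points and raises an alert whenever a watched field carries a watched value. The log lines, their format, the rule names and the watchlisted address are all constructed for this illustration (the IPs are from documentation ranges), and the severities are assumed.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines in a syslog-like "timestamp host app: key=value ..." layout.
# Not real data; the last line is deliberately malformed to show how unparseable input is handled.
LOG_LINES = [
    "2018-02-13T09:14:02Z fw01 sshd: event=login user=alice src_ip=192.0.2.10 status=success",
    "2018-02-13T09:14:07Z fw01 sshd: event=login user=root src_ip=203.0.113.45 status=failure",
    "2018-02-13T09:14:09Z fw01 fw: event=conn src_ip=198.51.100.7 dst_port=23 proto=telnet action=allow",
    "2018-02-13T09:14:11Z web01 nginx: event=request src_ip=192.0.2.33 path=/login code=503",
    "2018-02-13T09:14:15Z web01 nginx: event=request src_ip=192.0.2.33 path=/ code=200",
    "this line is not in the expected format",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<app>[\w-]+): (?P<msg>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str):
    """Split one log line into a dict of data points, or return None if it does not fit the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields = {"ts": m.group("ts"), "host": m.group("host"), "app": m.group("app")}
    for key, value in KV_RE.findall(m.group("msg")):
        fields[key] = value.strip('"')
    return fields


@dataclass(frozen=True)
class Rule:
    """An alert fires when `field` is present and its value is one of `values` (case-insensitive)."""
    name: str
    field: str
    values: frozenset
    severity: str


# Hypothetical rules: each one is a data point plus the value(s) we are waiting to see.
RULES = [
    Rule("auth-failure", "status", frozenset({"failure", "denied"}), "low"),
    Rule("watchlisted-src", "src_ip", frozenset({"203.0.113.45"}), "high"),
    Rule("cleartext-protocol", "proto", frozenset({"telnet", "ftp"}), "medium"),
    Rule("http-server-error", "code", frozenset({"500", "503"}), "low"),
]


def evaluate(fields: dict, rules=RULES):
    """Return the rules that match one parsed line, in rule order."""
    hits = []
    for rule in rules:
        value = fields.get(rule.field)
        if value is not None and value.lower() in rule.values:
            hits.append((rule, value))
    return hits


def run(lines, rules=RULES):
    """Parse every line and collect one alert record per (line, rule) match."""
    alerts = []
    for line_no, line in enumerate(lines, start=1):
        fields = parse_line(line)
        if fields is None:
            continue  # unparseable input is skipped, not silently treated as benign or as an alert
        for rule, value in evaluate(fields, rules):
            alerts.append({
                "line_no": line_no,
                "rule": rule.name,
                "severity": rule.severity,
                "field": rule.field,
                "value": value,
                "host": fields["host"],
                "ts": fields["ts"],
            })
    return alerts


def count_by_severity(alerts):
    """Summarise alerts as {severity: count} so an analyst can triage the high ones first."""
    counts = {}
    for alert in alerts:
        counts[alert["severity"]] = counts.get(alert["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for alert in run(LOG_LINES):
        print(f"line {alert['line_no']} [{alert['severity']}] {alert['rule']}: "
              f"{alert['field']}={alert['value']} on {alert['host']} at {alert['ts']}")
    print(count_by_severity(run(LOG_LINES)))
```

Running it produces four alerts from the six sample lines: two from the failed root login (the failure status and the watchlisted source address), one for the cleartext Telnet connection and one for the HTTP 503. Keeping the parser separate from the rules is the point: new detections are added as data (a field and a set of values), so the rule list can grow as new ways of spotting nefarious activity are found without touching the parsing code.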
