InfosecGirls Virtual Meet - 21st October, 2023

October 21, 2023

InfosecGirls Session - 21st October, 2023


Topic: Detection engineering primer — log sources that matter, high-value use cases, and avoiding alert fatigue for small SOC teams.


Summary

  • Prioritised log sources: identity, endpoint, proxy, email, and cloud control plane.
  • High-value detections: auth anomalies, rare process chains, and data exfil patterns.
  • Alert design: clear runbook links, deduplication, and severity tied to business impact.
  • Small-team tactics: borrow community rules, tune aggressively, and measure false positives.
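The following is an added worked example, not material from the session or from InfosecGirls, showing in Python the kind of pipeline the summary points at: two of the listed high-value detections (an authentication anomaly over identity logs and a rare parent/child process chain over endpoint logs) run over constructed sample events; each alert carries a runbook link and a severity derived from the business criticality of the affected account or host rather than from the rule; repeat firings are deduplicated; and a per-rule false-positive rate is computed from analyst verdicts so the rules can be tuned against a number. The events, the baseline of normal process chains, the criticality tags, the rule IDs and the runbook URLs are all assumed for illustration.

```python
"""Toy detection pipeline for a small SOC: added example, not code from the talk.
All events, baselines, criticality tags and URLs below are constructed/assumed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed identity-log events (not real logs). outcome is "success" or "failure".
AUTH_EVENTS = [
    {"ts": "2023-10-21T09:00:00", "user": "alice", "src_ip": "10.0.0.5", "outcome": "failure"},
    {"ts": "2023-10-21T09:00:10", "user": "alice", "src_ip": "10.0.0.5", "outcome": "failure"},
    {"ts": "2023-10-21T09:00:20", "user": "alice", "src_ip": "10.0.0.5", "outcome": "failure"},
    {"ts": "2023-10-21T09:00:30", "user": "alice", "src_ip": "10.0.0.5", "outcome": "failure"},
    {"ts": "2023-10-21T09:00:40", "user": "alice", "src_ip": "10.0.0.5", "outcome": "failure"},
    {"ts": "2023-10-21T09:01:00", "user": "alice", "src_ip": "10.0.0.5", "outcome": "success"},
    {"ts": "2023-10-21T09:05:00", "user": "bob",   "src_ip": "10.0.0.9", "outcome": "failure"},
    {"ts": "2023-10-21T09:06:00", "user": "bob",   "src_ip": "10.0.0.9", "outcome": "success"},
]

# Constructed endpoint process-creation events (parent -> child).
PROCESS_EVENTS = [
    {"ts": "2023-10-21T10:00:00", "host": "fin-ws-01", "parent": "explorer.exe", "child": "outlook.exe"},
    {"ts": "2023-10-21T10:01:00", "host": "fin-ws-01", "parent": "winword.exe",  "child": "powershell.exe"},
    {"ts": "2023-10-21T10:01:05", "host": "fin-ws-01", "parent": "winword.exe",  "child": "powershell.exe"},
    {"ts": "2023-10-21T10:02:00", "host": "dev-ws-07", "parent": "code.exe",     "child": "powershell.exe"},
]

# Assumed baseline of parent->child pairs that are normal on this fleet.
BASELINE_CHAINS = {("explorer.exe", "outlook.exe"), ("code.exe", "powershell.exe"),
                   ("explorer.exe", "chrome.exe")}

# Severity comes from business impact: asset/account tags decide how loud an alert is.
ASSET_CRITICALITY = {"fin-ws-01": "high", "dev-ws-07": "low"}
USER_CRITICALITY = {"alice": "high", "bob": "low"}
RUNBOOKS = {"AUTH-001": "https://runbooks.example/AUTH-001",   # hypothetical URLs
            "PROC-001": "https://runbooks.example/PROC-001"}

def _t(s):
    return datetime.fromisoformat(s)

def severity(criticality):
    return {"high": "critical", "medium": "high", "low": "medium"}.get(criticality, "low")

def detect_auth_anomalies(events, threshold=5, window=timedelta(minutes=5)):
    """AUTH-001: at least `threshold` failures followed by a success for the same user within `window`."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of recent failures
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = _t(e["ts"])
        if e["outcome"] == "failure":
            failures[e["user"]].append(ts)
            continue
        recent = [f for f in failures[e["user"]] if ts - f <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "AUTH-001", "entity": e["user"], "ts": e["ts"],
                           "detail": f"{len(recent)} failures then success from {e['src_ip']}",
                           "severity": severity(USER_CRITICALITY.get(e["user"], "low")),
                           "runbook": RUNBOOKS["AUTH-001"]})
        failures[e["user"]].clear()  # a success resets the counter either way
    return alerts

def detect_rare_process_chains(events, baseline=BASELINE_CHAINS):
    """PROC-001: parent->child pair that is not in the fleet baseline."""
    return [{"rule": "PROC-001", "entity": e["host"], "ts": e["ts"],
             "detail": f"{e['parent']} -> {e['child']}",
             "severity": severity(ASSET_CRITICALITY.get(e["host"], "low")),
             "runbook": RUNBOOKS["PROC-001"]}
            for e in events if (e["parent"], e["child"]) not in baseline]

def dedupe(alerts, window=timedelta(minutes=30)):
    """Collapse repeat firings of the same rule on the same entity inside `window`, counting the copies."""
    kept, last_seen = [], {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["rule"], a["entity"])
        if key in last_seen and _t(a["ts"]) - _t(last_seen[key]["ts"]) <= window:
            last_seen[key]["count"] += 1   # same dict object that is already in `kept`
            continue
        a = dict(a, count=1)
        last_seen[key] = a
        kept.append(a)
    return kept

def false_positive_rate(alerts, verdicts):
    """Per-rule FP rate from analyst verdicts keyed (rule, entity, ts) -> 'tp' | 'fp'; the tuning metric."""
    totals, fps = Counter(), Counter()
    for a in alerts:
        v = verdicts.get((a["rule"], a["entity"], a["ts"]))
        if v is None:
            continue
        totals[a["rule"]] += 1
        fps[a["rule"]] += (v == "fp")
    return {r: fps[r] / totals[r] for r in totals}

def run():
    raw = detect_auth_anomalies(AUTH_EVENTS) + detect_rare_process_chains(PROCESS_EVENTS)
    return dedupe(raw)

if __name__ == "__main__":
    for a in run():
        print(a["severity"].upper(), a["rule"], a["entity"], a["detail"], f"x{a['count']}", a["runbook"])
```

Run as-is it emits two alerts instead of three: the spray-then-success on alice, and the winword-to-powershell chain on fin-ws-01 with the second firing folded in as a count. Both are "critical" only because the account and host carry a high criticality tag; the same chain on dev-ws-07 would land at "medium", which is the point of tying severity to impact rather than to the rule.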