Welcome to another Security Analyst Diary entry. We set out to drive context-aware detections and to enrich ingested data with actionable information for our customers. A key part of delivering on that goal has been prevalence, a capability Chronicle has offered since its very inception. The blog version of this diary entry is here: https://chronicle.security/blog/posts/security-analyst-diaries-6-finding-the-proverbial-needle-in-a-haystack-with-Chronicle-SIEM-domain-prevalence/
Chronicle SIEM, part of our Chronicle Security Operations suite, enables analysts to run impactful security operations, build context-driven detections and investigations, and respond to threats faster. In today's Security Analyst Diary entry, we cover:
- What domain prevalence is and how it is implemented in UDM
- The detection engine and prevalence
- Prevalence isn't just for domains
- SQL queries for prevalence and how to use them