Friday Flows Episode 7: Elastic Alert Response with Cases & Slack

Presented by

Blake Coolidge & Stephen Creedon

About this talk

The majority of SOC teams are overworked & under-appreciated. Generally, they get flooded with alerts. There aren't enough human beings or resources to deal with the volume of alerts. So teams will 'turn down' their SIEM solutions so that they can deal with a realistic volume. The downside is that you're going to miss alerts you should deal with & you're going to get a lot of false positives. Stephen Creedon shares a highly popular Tines workflow to do the opposite: turn your SIEM (Elastic) up to 100 and let smart, secure workflows built by you & powered by Tines take care of the analysis for you.
