Alerting

elastic

Storing and enriching alerts for information security with Elasticsearch

Within Elastic, the information security team is tasked with security detection and analytics, among many other activities of a typical information security team. To find abnormal and malicious behavior within our environment we leverage Elastic SIEM for investigations and threat hunting. When we find a pattern of behavior we want to be alerted on during an investigation or hunt we take the request JSON behind our investigation and put in to Watcher for alerting.

bigpanda

Tips for Modern NOCs - Alleviating Incident Routing Bottlenecks

Critical and sev1 incidents are always a priority, but what about those dozens and often hundreds of lower priority ones that often sit in a queue waiting for a first response engineer to get to them? Do you find that no matter how much effort your team puts into minimizing the number of queued incidents, their number always seems to grow? If this sounds familiar – this blog is for you.

onpage

Revisited: How to Run a 247 MSP

As 2019 comes to an end, OnPage would like to re-inform MSP teams about the value and importance of offering a 24×7 support service. Twenty-four seven support ensures that client issues are quickly resolved by an after-hours support team. Though 24×7 support is a must-have offering, MSPs must first re-work their internal workflows and policies, ensuring that after-hours servicing is a pain-free venture.

squadcast

Danny Mican on his experience as an SRE at Auth0

Danny is an SRE at Auth0 and currently manages the reliability of systems that authenticate over 2.5 billion logins per month and is expected to have 99.9% (Three Nines) availability. He loves learning about systems and making changes that positively impact client happiness, employee happiness and long term stability and growth.

pagerduty

Learn Your Organization's Potential ROI With PagerDuty by Using IDC's Snapshot Tool

Recently, I wrote about an IDC business value study PagerDuty commissioned and shared some of the results from the research. In summary, after in-depth interviews with eight enterprise customers, IDC applied its proven business value methodology to the aggregated results of those interviews and found that enterprise customers were averaging a three-year return-on-investment (ROI) of 731% and a payback period (break-even point) on their investment in just 4.3 months.

exigence

Why incident response automation is top-of-list for CISOs in 2020

When considering the state of critical incidents in 2019 – it’s no surprise that looking ahead to 2020, CISOs have one of the organization’s most challenging and stressful jobs. During the first half of the year alone 4.1 billion records were compromised, and the average cost of a data breach is now estimated at $3.92 million.

squadcast

The age of service mesh

You have built a massively successful system. The users just can't get enough and request new features. Your developers crank out new services on a regular basis. Your DevOps/SRE team configures and scale your Kubernetes cluster (or clusters). As the system becomes more complicated and sophisticated you realize that there are common themes that repeat across all your services.

victorops

Making the Most of Holidays While You're On-Call

Software engineers and IT professionals know the pains of being on-call during the holidays all too well. While many parents are woken up at the crack of dawn with kids jumping on their bed, on-call engineers also have to worry about those critical notifications. While the holidays are a great time for family and friends, IT professionals and DevOps engineers also know how stressful they can be.

onpage

Sensitive Medical Data Hacked by Unsophisticated Software

There’s a solid rationale behind replacing antiquated technology, as they fail to keep pace with how the healthcare environment is evolving. One such invention is the good, old pager. Recently, the U.K.’s National Health Service Trust (NHS) was on the radar when the organization’s sensitive medical data was hacked by an individual in North London. The malicious party intercepted radio waves, converting it into legible text on his computer monitor.