SANS Vetting Your Intel - Techniques and Tools for False Positive Analysis
For blue teams and network defenders, false positives are a common challenge, and often result in alert fatigue. A consequence of alert fatigue, according to a study conducted by Cloud Security Alliance, is that 31.9% of IT security professionals ignore alerts. Alternatively, some security professionals blindly trust all alerts, which if not validated correctly can bring dire consequences to your network . Join DomainTools Senior Security Engineer, Tarik Saleh, and SANS instructor, Robert M. Lee, to explore areas where blue teams can identify false positives, methods of validating alerts, and real world applications of these examples.
In this webinar, learn how to:
- Set up your own analysis environment
- Vet your IDS alerts
- Evaluate your A/V alerts