Using Machine Learning to Reduce the Alert Fatigue

Channel:
United States SANS Cyber Defense
Subscribers:
23,600
Published on ● Video Link: https://www.youtube.com/watch?v=XdKbyhUst_s


Duration: 1:37:33
701 views
30

Most enterprises today have a number of security tools to support their security operations. In many cases, these tools have a view of what they think are bad and thus produce a large number of alerts. The problem is, the majority of these alerts tend to be false positives rather than true positives. Using machine learning, we can identify those alerts which are more likely to be true positives, thus expending more energy towards these alerts. In this session, we will discuss how you can leverage the SOAR, the SIEM (or any other security tool), Threat Intelligence and case management platforms, to build a machine learning model to aid with reducing the alert fatigue.

Nik Alleyne is a SANS Certified Instructor with over 20 years in IT, with the last 10 years being more focused in cybersecurity. He is currently the Director of Business Development for a Managed Security Services Provider (MSSP), where he is responsible for leading multiple teams supporting various security technologies including IDS/IPS, Anti-Malware tools, proxies, firewalls, SIEM, Cloud, and WAF. Nik teaches both SEC503: Intrusion Detection In-Depth and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling for SANS and is a published author of two books Hack and Detect and Mastering TShark Network Forensics.



Other Videos By SANS Cyber Defense


2022-05-14An In-Depth Overview of Resources, Tactics, and Tools for Gathering Intelligence Outside the US
2022-05-13How SEC586 can help you and your organization's security posture
2022-05-12Finding Fraudsters Who Hide Behind Cloudflare
2022-05-11Dark Web: The Other Side
2022-05-10I Know You: Contact Exploitation in SOCMINT Investigations
2022-05-09What skills do SEC586 students walk away with
2022-05-05Who should take SEC586 Blue Team Operations: Defensive PowerShell?
2022-05-01Why use PowerShell to automate?
2022-04-28Lifting the Fog: Investigating Cryptocurrency with OSINT
2022-04-27What problems does SEC586 solve for students?
2022-04-22Using Machine Learning to Reduce the Alert Fatigue
2022-04-04Join us for the Free SANS OSINT Summit 2022!
2022-03-18Setting Up and Managing Python Virtual Environments
2022-03-17Lifting the Fog: Exploring Maritime OSINT
2022-03-11Visualizing TensorFlow Models: Part II
2022-03-04SOC Alert Tuning and False Positive Reduction: Setting Yourself Up for Success
2022-03-03Defenders: What to do NOW if expecting nation state attackers
2022-02-18Visualizing TensorFlow Models: Part I
2022-02-04Visualizing TensorFlow Models: Part 1
2022-01-21Visualizing How CNNs See Images
2022-01-21PowerShell 2022: State of the Art / Hack / Infection


Tags:
nik alleyne
machine learning
alert fatigue
how to reduce alert fatigue
reducing alert fatigue
sans nik alleyne
machine learning course
machine learning tutorial
machine learning for beginners
siem alert fatigue
soc alert fatigue
how to reduce soc alert fatigue