2025-02-26 09:07:08
Jonathan Reiter (张飞) on Nostr, in reply to nprofile1q…xd2rl:

a formulation could be, can the SOC operate from an exception queue attached to a SIEM.

Because there are certain classes of exception that are nice to automate (classification error for sure, obvious misconfigurations, new or altered devices or software come to mind), finding badness among the exceptions is an exceedingly hard task, and not for lack of creativity, but mostly because of how unbalanced the classes are for high severity events.

It's not really built for statistical systems alone, without some form of human to suck air through their teeth and say, yeah let's take a look for sure.
Author Public Key
npub14w23u75542yrxmcpnmk53zuall87tfcsyvuer09639phwl0hkj6srzs0yn
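As an added illustration of the split the post proposes (example code, not the author's), a small Python sketch that routes the named exception classes to an automated lane and everything else to a human-review lane, plus the base-rate arithmetic behind the class-imbalance point. The record fields, the class names and the sample queue are assumptions constructed for the example.

```python
"""Exception-queue triage sketch (added example, not from the post).

Constructed SIEM 'exception' records; the field names (class, severity,
source) and the auto-handle class names are assumptions for illustration.
"""
from collections import Counter

# Exception classes the post suggests are safe to automate.
AUTO_HANDLE = {"classification_error", "misconfiguration", "new_device", "altered_software"}


def route_exceptions(exceptions):
    """Split an exception queue into an automated lane and a human-review lane.

    Anything outside the known-benign classes, or anything high severity
    regardless of class, goes to the human lane: rare high-severity badness
    is exactly what a statistical system alone handles poorly.
    """
    auto, human = [], []
    for ex in exceptions:
        if ex["class"] in AUTO_HANDLE and ex["severity"] != "high":
            auto.append(ex)
        else:
            human.append(ex)
    return auto, human


def detector_precision(prevalence, tpr, fpr):
    """Precision of an alerting rule given the base rate of true badness.

    With a tiny prevalence, even a detector with 99% true-positive rate and
    1% false-positive rate yields mostly false positives.
    """
    tp = prevalence * tpr
    fp = (1.0 - prevalence) * fpr
    return tp / (tp + fp)


# Constructed sample queue (not real SIEM data).
SAMPLE_QUEUE = [
    {"id": 1, "class": "classification_error", "severity": "low", "source": "waf"},
    {"id": 2, "class": "misconfiguration", "severity": "medium", "source": "fw"},
    {"id": 3, "class": "new_device", "severity": "low", "source": "nac"},
    {"id": 4, "class": "unknown", "severity": "low", "source": "edr"},
    {"id": 5, "class": "new_device", "severity": "high", "source": "nac"},
]

if __name__ == "__main__":
    auto, human = route_exceptions(SAMPLE_QUEUE)
    print(Counter(e["class"] for e in auto), [e["id"] for e in human])
    print(f"precision at 0.1% prevalence: {detector_precision(0.001, 0.99, 0.01):.3f}")
```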