
Detection mechanisms report unwanted activities in IT networks of companies and organisations
SIEM ENGINEERING
Detection mechanisms are technical assistants that automatically and quickly distinguish between desired and undesired activities in IT networks of companies and organisations.
Detection mechanisms get this capability from rules that IT security engineers have developed, written and stored in the tools. Some rules describe authorised access; others contain the imprint of known cyber attacks.
Every alarm generated in this way indicates an anomaly and can therefore be a security incident, which our IT security analysts investigate.

IT security engineers develop rules for automatic attack detection
Wouldn't it be good to be able to identify recurring attacks automatically without human analysis? We share this view and have therefore established the intelligent set of rules.
The intelligent set of rules is a valid basis for automatically recognising recurring events based on characteristic patterns. This applies to both false positives and cyber attacks.
This automation begins with the work of the IT security engineer, whose responsibilities at the Cyber Defence Center include converting known events into rules and integrating them into the detection mechanisms.
The development and implementation of new rules in the SIEM tool is a continuous process that is crucial for the smooth operation of the Cyber Defence Centre.
Clearly defined rules for the SIEM tool:
- automatically identify known attack patterns as "known" threats,
- reduce the background noise of false positives that tie up attention at every layer, and
- simplify the analytical work in the Cyber Defence Centre to pull the plug on threats in good time.
"I've seen ten thousand cases that all have the same pattern. And yet I will approach 10001 with the same seriousness and respect as my first one."
Linus Köhn, IT Security Analyst at ConSecur GmbH, on the securiosity in the Cyber Defence Center that connects all employees.
SIEM engineering is the implementation of the SIEM system for proactive operation, in order to recognise risk scenarios more easily and initiate countermeasures at an early stage.
SERVICES PROVIDED BY CONSECUR
- Design, installation and configuration of the SIEM solution
- Operation and maintenance of the SIEM solution
- Connection of new log sources and configuration of the parsing for new use cases
