Sign up to save your podcasts
Or
Share EP149 Canned Detections: From Educational Samples to Production-Ready Code
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP149 Canned Detections: From Educational Samples to Production-Ready Code
Guests:
-
John Stoner, Principal Security Strategist, Google Cloud Security
-
Dave Herrald, Head of Adopt Engineering, Google Cloud Security
Topics:
-
In your experience, past and present, what would make clients trust vendor detection content?
-
Regarding “canned”, default or “out-of-the-box” detections, how to make them more production quality and not merely educational samples to learn from?
-
What is more important, seeing the detection or being able to change it, or both?
-
If this is about seeing the detection code/content, what about ML and algorithms?
-
What about the SOC analysts who don't read the code?
-
What about “tuning” - is tuning detections a bad word now in 2023?
-
Everybody is obsessed about “false positives,” what about the false negatives? How are we supposed to eliminate them if we don’t see detection logic?
Resources:
-
Video (Linkedin, YouTube)
-
Github rules for Chronicle
-
DetectionEngineering.net by Zack Allen
-
“On Trust and Transparency in Detection” blog
-
“Detection as Code? No, Detection as COOKING!” blog
-
EP64 Security Operations Center: The People Side and How to Do it Right
-
EP108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting
-
EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
-
Why is Threat Detection Hard?
-
Detection Engineering is Painful — and It Shouldn’t Be (Part 1, 2, 3, 4, 5)
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guests:
-
John Stoner, Principal Security Strategist, Google Cloud Security
-
Dave Herrald, Head of Adopt Engineering, Google Cloud Security
Topics:
-
In your experience, past and present, what would make clients trust vendor detection content?
-
Regarding “canned”, default or “out-of-the-box” detections, how to make them more production quality and not merely educational samples to learn from?
-
What is more important, seeing the detection or being able to change it, or both?
-
If this is about seeing the detection code/content, what about ML and algorithms?
-
What about the SOC analysts who don't read the code?
-
What about “tuning” - is tuning detections a bad word now in 2023?
-
Everybody is obsessed about “false positives,” what about the false negatives? How are we supposed to eliminate them if we don’t see detection logic?
Resources:
-
Video (Linkedin, YouTube)
-
Github rules for Chronicle
-
DetectionEngineering.net by Zack Allen
-
“On Trust and Transparency in Detection” blog
-
“Detection as Code? No, Detection as COOKING!” blog
-
EP64 Security Operations Center: The People Side and How to Do it Right
-
EP108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting
-
EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
-
Why is Threat Detection Hard?
-
Detection Engineering is Painful — and It Shouldn’t Be (Part 1, 2, 3, 4, 5)
More shows like Cloud Security Podcast by Google
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,009 Listeners
AWS Podcast
201 Listeners
Click Here
408 Listeners
Cybersecurity Today
166 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
58 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners