Writing rules for your SIEM is a complex process. You need to start with prototyping, determine the impact on the SOC, test the rules and finally push them to production.
The first means to collect security-relevant information at JASK was our Network Sensor.
PowerShell had its beginnings as a way to enable administrators to perform their tasks both locally and remotely with unprecedented access to underlying Windows components, such as COM objects and WMI.
You may have noticed some major changes to our app recently.
It just gets better and better! We are extremely excited to share the latest release of the JASK cloud-native SIEM.
There have always been some common themes when it comes to SIEM content creation and its management: it is complex, requires the right skills and is not being done by many organizations.
Cybercriminals can be quite resourceful when it comes to repurposing malware, with most opting for the path of least resistance.
At JASK, our customer success program runs on Slack. Outside of our weekly scheduled calls, almost all of our interactions with customers happen in Slack.
This week at JASK, we introduced templated rules to our customers. Templated rules make it easy for customers to create a single rule for a data source that has multiple event types.
JASK is traveling the country in 2019 on our SIEM Insanity Tour to let people get a first-hand experience of a modern SIEM.
In this post, we will cover how to use the JASK API to identify gaps in rule coverage.