Keith

@kwm

@olafhartong @DebugPrivilege And when I say "unqualified leadership + poor communication", I am looking at both the provider and the customer.

Putting your trust in a 3rd party to tell you when your business is at risk requires an active partnership, whether you want triage or a complete investigation.

4/18/2020, 1:22:26 PM

Favs: 4

Retweets: 0

Keith

@kwm

@olafhartong @DebugPrivilege Do you want a SOC to look at alerts and

- only escalate ones that aren't obvious garbage
- correlate !garbage
- correlate !garbage then enrich
- above + pull additional telemetry, contextualize

Or do you want

- telemetry ingest + analytics applied

Alerts + telemetry + . . .

4/18/2020, 1:26:23 PM

Favs: 6

Retweets: 0

Keith

@kwm

@olafhartong @DebugPrivilege All of this rambling, and we're not even scratching the surface of data sources, product/service features, depth of investigation, how to measure, etc.

Point being: If you end up w/ a SOC having problems you've described, it's often a qualification mixup (or lies!).

4/18/2020, 1:30:42 PM

Favs: 2

Retweets: 0