Chronicle Best Practices
Share Chronicle Best Practices and bring your SOC to the next level
Discussion List
- Dashboard for time between logging and detections firing: Does anyone have any advice on how you could create a dashboard to see the average amount of time b…
- Is it possible to use Arrays.contains with two variables in Yara-L?: In the documentation it seems that the arrays.contains function can be used like the following, ar…
- Monitoring of cloud and on prem connectors: We would like to monitor logs from siemplify (specifically cloud connector logs as well as on prem …
- Using advanced analytics for the insights of tomorrow: Today, most SOC managers and CISOs are using metrics to track the security posture and measure thei…
- Guide | Quick OVA Deployment And Portal Login: Hello everyone, I’ve seen various questions around the slack channel about the OVA deployment, so …
- Noise Reduction - Cyrus Robinson, community domain expert: Have you ever noticed trees that are marked with spray paint? Now, I’m no tree spray paint marking …
- Need help: Bridged Adapter doesn't work on Community OVA in VirtualBox: Hey community, I am new to siemplify, I just installed Community OVA in VirtualBox, chose Bridged A…
- From where to import TipCommon and EnvironmentCommon module: I am trying to import library TipCommon and EnvironmentCommon in my util class but it is giving bel…
- Jason Crosby External IP Enrichment v2 Block: Our judges were impressed by the clever use of Siemplify technology and the logic behind his block.…
- Cyrus Robinson 24/7 block: After you implement Dor's enrichment block, we want to introduce you to Cyrus's 24/7 block, which w…
- CyberSixgill Enrichment Block for SE: As promised, we are sending you the winning blocks from the Community Challenge. So, we’ll start wi…
- AbuseCH Malware Bazaar Integration: Does anybody have an AbuseCH Malware Bazaar integration up and running yet? I am working on one and…
- How is the grouping of alerts happening if I am using ArcSight SIEM?: I know the grouping is based on the entities and the time frame. To be more precise, which time will …
- How to Use Output from a Block as Input for Another Block: Someone asked this in the Siemplify Community Slack, so I thought it might be helpful to document i…
- A Noise Reduction Strategy Example - Part 1: This will be broken up into multiple posts due to post length requirements. One of our SOC workstre…
- A Noise Reduction Strategy Example - Part 2: Tier 1 Analysis Playbook. The Tier 1 analyst uses enrichment and instruction to perform the initial …
- Alert noise reduction: Security teams are no strangers to the overload of alerts. Be it via new SIEM rules, a preponderanc…
- Endpoints: How or which tool should I use to monitor, for example, seven endpoints at my local network
- Introduction to the Siemplify Tools Power Up!: The Tools Power Up is a set of utility actions developed by Siemplify Professional Services for the…
- How to use Template Engine to Render Complex Templates - Part 2: If you haven't read the "How to use Template Engine to Render Complex Templates - Part 1"…
- How to use Template Engine to Render Complex Templates - Part 1: I have recently created Template Engine, an integration available to the Community which utilizes J…
- Siemplify Tools Community Integration: Hi Community, with the new capability released in the latest community edition which enables our co…
- Managing large playbook libraries: In an ideal world, every analyst in your security operations center would always be able to investi…
- Sharing is caring: open source tools: Who said you need to spend some to get some? If it's threat intelligence products such as Virus Tota…
- Crisis management with SOAR: It's one thing to experience a security incident but arguably more vital than preventing threats is…