Notable Security Intelligence Links

Discussions around SIEM

The discussion comes down to:

  • Structured vs. unstructured data
  • Historical data analysis vs. real-time correlation
  • ArcSight vs. Splunk/ELK
  • Alert-driven vs. exploration-driven security

http://www.metanetivs.com/ditch-the-funnel/
http://infosecnirvana.com/siem-product-comparison-101/
http://infosecnirvana.com/clash-titans-arcsight-vs-qradar/
http://skizzlesec.com/2014/06/08/security-analysts-discuss-siems-elasticsearchlogstashkibana-vs-arcsight-splunk-and-more/
http://infosec20.blogspot.nl/2013/03/big-data-security-analytics.html

Best practices for alerting

https://docs.google.com/document/d/199PqyG3UsyXlwieHaqbGiWVa8eMWi8zzAn0YfcApr8Q/edit
http://www.sans.org/reading-room/whitepapers/auditing/successful-siem-log-management-strategies-audit-compliance-33528

Data Science

http://www.datatau.com/
http://datasciencemasters.org/
http://www.zipfianacademy.com/
https://www.coursera.org/specialization/jhudatascience/1?utm_medium=courseDescripTop

Big data

http://www.research.att.com/techdocs/TD_101024.pdf
http://www.thetaray.com/technology/white-papers-2/

Security Intelligence

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=490532

SOC

http://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf
http://www.securite.org/presentations/soc/MEITSEC-SOC-NF-v11.pdf
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
http://www8.hp.com/h20195/v2/GetDocument.aspx?docname=4AA4-9490ENW

HP ArcSight

http://alienone.github.io/ArcSightSOPS/