I thought this was an incredibly relevant post/article about many high level themes of this course. This is an article about threat intelligence and how to use it to actually make you more secure.
The first part of the article talks about something we already did a little bit of with ACL. You need to sift through all the data you’re receiving and figure out what is useful and what isn’t. You will waste a lot of time and resources if you analyze everything, not to mention you could end up going down a rabbit hole and raising a false alarm. In the article it mentions a utility calling in the FBI for what ended up being an innocent employee checking their Yahoo email.
The 7 recommendations are:
Get the right people looking at it
Make it industry specific
Keep it timely
Use reliable sources
Review it against your activities in your environment
Stay on top of it
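To make the recommendations above concrete, here is a small triage script I wrote as an added example (it is not from the article or from any vendor tool). It assumes a hypothetical feed format with a sector tag, a publication date and a source-reliability grade, filters indicators by industry, age and source quality, and then checks which of the survivors actually appear in our own proxy/DNS logs, which is the "review it against your activities in your environment" step. The feed entries and log lines are constructed sample data.

```python
from datetime import date

# Constructed sample threat-intel feed (hypothetical format; not a real source).
FEED = [
    {"indicator": "bad-update.example", "type": "domain", "sectors": ["energy"],
     "published": "2024-05-01", "source_reliability": "A"},
    {"indicator": "203.0.113.7", "type": "ipv4", "sectors": ["retail"],
     "published": "2024-04-28", "source_reliability": "B"},
    {"indicator": "mail.yahoo.com", "type": "domain", "sectors": ["any"],
     "published": "2023-01-10", "source_reliability": "D"},
    {"indicator": "198.51.100.22", "type": "ipv4", "sectors": ["energy"],
     "published": "2024-04-30", "source_reliability": "A"},
]

# Constructed proxy/DNS log lines from our own environment.
LOGS = [
    "2024-05-02T08:11:03Z host=ws-17 dst=bad-update.example action=allowed",
    "2024-05-02T08:15:41Z host=ws-03 dst=mail.yahoo.com action=allowed",
    "2024-05-02T09:02:10Z host=srv-db dst=192.0.2.5 action=allowed",
]

OUR_SECTOR = "energy"        # "make it industry specific"
MAX_AGE_DAYS = 30            # "keep it timely"
MIN_RELIABILITY = "B"        # "use reliable sources": accept grades A and B only
GRADES = "ABCD"              # A is the most reliable grade in this hypothetical feed


def parse_log_destinations(lines):
    """Return the set of dst=... values seen in key=value log lines."""
    seen = set()
    for line in lines:
        for token in line.split():
            if token.startswith("dst="):
                seen.add(token[len("dst="):])
    return seen


def is_relevant(entry, today, sector, max_age_days, min_reliability):
    """Apply the industry, age and source-quality filters to one feed entry."""
    if sector not in entry["sectors"] and "any" not in entry["sectors"]:
        return False
    age = (today - date.fromisoformat(entry["published"])).days
    if age > max_age_days:
        return False
    grade = entry.get("source_reliability", "")
    # Unknown grades are treated as least reliable and dropped.
    if grade not in GRADES or GRADES.index(grade) > GRADES.index(min_reliability):
        return False
    return True


def triage(feed, logs, today_iso, sector=OUR_SECTOR,
           max_age_days=MAX_AGE_DAYS, min_reliability=MIN_RELIABILITY):
    """Filter the feed, then rank indicators that were observed locally first.

    Returns a list of {"indicator": ..., "observed": bool} dicts.
    """
    today = date.fromisoformat(today_iso)
    seen = parse_log_destinations(logs)
    kept = [e for e in feed
            if is_relevant(e, today, sector, max_age_days, min_reliability)]
    results = [{"indicator": e["indicator"], "observed": e["indicator"] in seen}
               for e in kept]
    # Indicators we have actually seen go to the top of the analyst's queue.
    results.sort(key=lambda r: not r["observed"])
    return results


if __name__ == "__main__":
    for r in triage(FEED, LOGS, "2024-05-02"):
        print(("HIT    " if r["observed"] else "watch  ") + r["indicator"])
```

Note that the stale, low-reliability yahoo.com entry is filtered out before it is ever compared against the logs, so the employee checking their mail never generates an alert; the retail-only indicator is dropped as not relevant to our sector; and only the energy-sector domain that actually appears in our proxy log is flagged as a hit worth an analyst's time.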
I came to find this article because I did a news search for “Splunk” in anticipation of our next class module. I’ve used Splunk before, but I never really researched it in industry news. It’s clearly very well respected and I look forward to learning more about it.