Use Salem to...
Blue Teams
Are you a blue teamer needing to quickly get emerging threat use cases into production? Salem helps mature blue teams become more agile by triaging alerts from use cases still being tuned.

Salem helps blue teams remain agile in their fight against emerging threats

Are you a blue teamer who needs to quickly develop and operationalize emerging threat use cases? Salem can help you quickly go from concept to action.

Blue teams react to new and changing cyber threats

Mature blue teams are constantly creating new cyber threat detection use cases to capture new and changed adversary behavior. These use cases leverage bleeding-edge indicators of compromise (IOCs).

Operationalizing new threat use cases can take weeks

The largest challenge with any new use case is tuning out false positives. SOCs require a high level of alert precision (read: few false-positive alerts) before they can operationalize any threat use case. Once a use case is developed, it needs to run to see what activity, both normal and potentially malicious, it captures. Use case tuning is an iterative process that can in many cases take weeks of trial and adjustment.

Salem can be the first line of analysis

Salem doesn’t mind sorting through false positives. Blue teamers can quickly develop use cases and send all the alerts to Salem for tier 1 analysis. Salem can investigate and forward the most suspicious actions to the SOC while holding back the likely false positives. The SOC gains early access to suspicious activity while the blue team works through their process to tune and refine these use cases.

Salem can keep the use cases that never pass alert tuning

Some use cases never make it past the alert tuning stage and become relegated to low or medium status because they produce too many false positives. Before a tool like Salem, these alerts would disappear into the ether. With Salem, you can continue to forward all these low- and medium-severity alerts to Salem for alert investigations and let Salem forward the most suspicious to the SOC. Salem uncovers the subtle risks that otherwise may go unnoticed.

Want to chat about your use case?

Let us know, and a cyber expert will get right back to you!