Are you a blue teamer who needs to quickly develop and operationalize emerging threat use cases? Salem can help you quickly go from concept to action.
Mature blue teams are constantly creating new cyber threat detection use cases to capture new and changed adversary behavior. These use cases leverage bleeding edge indicators of compromise (IOCs).
The largest challenge with any new use cases is tuning out false positives. SOCs require a high level of alert precision before they can operationalize any threat use case (read low false positive alerts). Once a use case is developed, it needs to run to see what activity both normal and potentially malicious it captures. Use case tuning is an iterative process that can in many cases take weeks of trial and adjustment.
Salem doesn’t mind sorting through false positives. Blue teamers can quickly develop use case sand send all the alerts to Salem for tier 1 analysis. Salem can investigate and forward the most suspicious actions to the SOC while holding back the likely false positives. The SOC gains early access to suspicious activity while the blue team works through their process to tune and refine these use cases.
Some use cases never make it past the alert turning stage and become relegated to low or medium status because they produce too many false positives. Before a tool like Salem, these alerts would disappear into the ether. With Salem, you can continue to forward all these low and medium-severity alerts to Salem for alert investigations and let Salem forward the most suspicious to the SOC. Salem uncovers the subtle risks that otherwise may go un-noticed