SOC as a Service - Arctic Wolf
lwhite81
Member Posts: 26
I've just adopted an Arctic Wolf system in a new role. Does anyone have any experience using it or have any best practices to share? There is a lot of information available. Want to get a laser focus and determine what is best to focus on.
Comments
LonerVamp Member Posts: 518
Never heard of it.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
chrisone Member Posts: 2,278
I spoke to them last year. They were heavily considered by my employer. I believe they use the SUMO SIEM. Most of your questions will be answered by them, but they are your MSSP from what it sounds like. Start figuring out what kinds of dashboards, alerts, and data you want to see or be alerted on by them. They manage endpoints as well; do you have those services with them? Do a weekly or bi-weekly call with them and they will help you set up anything you desire.
Think of them as the extended smart guys of your team who will stop what they are doing to assist you. Get familiar with them; don't be afraid to ask them things about their current day or where they are from. Open up a dialog.
Sorry, I don't have any client customer experience with them, only a few conference calls based on MSSP services we were looking at.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX