SIEM: Escape and Evade
For nearly three decades, SIEM tools have been the cornerstone of the SOC, centralising threat detection and alerting, and commonly serving as the platform for ticketing, case management, and SOC metrics. But what if this essential tool could be bypassed, evaded, or even directly attacked?
Drawing on our combined years of experience working directly for various SIEM vendors, we shall discuss and explore these possibilities in more depth, and emphasise the importance of continuous control testing.
We will aim to give some ideas to offensive teams, and also give defenders some things to think about!