Security monitoring and cyber risk
Jorrit Folmer CISSP CCSP @jorritfolmer
Cyber Defense Engineering Consultant. Jorrit has implemented Security Incident and Event Management (SIEM) systems for government and financial SOCs. He is the author of several popular add-ons for Splunk Enterprise Security to onboard and process security-related data sources. He also gives regular talks on topics intersecting data analytics and security monitoring.
Carbanak+FIN7: MITRE EDR evaluations round 3
What do the evaluation results and vendor marketing really tell you? A dive into Monday mornings, noise generators and end-to-end information loss.
Detecting APT29: MITRE EDR evaluations round 2
Which EDR vendor detects most APT29 steps? Based on MITRE's set of EDR evaluation results, I used Splunk to analyze their data.
Comparing MITRE EDR evaluations results for APT3
Which EDR vendor detects most APT3 steps? This is an analysis using Python and Splunk of the data MITRE published.