CSNF birthday cake is the most current implementation of the CSNF decorator.
What is the purpose? What are we trying to convey?
Let’s demonstrate how the CSNF can be used to standardize and decorate alerts from multiple clouds so that SOC decision making is accelerated through automation. Eliminating false positives lets the SOC focus its attention on what matters most in terms of risk, leading to improved security outcomes for the long haul.
Assuming an adversary is able to access a cloud account, how would we prevent them from moving laterally in the cloud, pivoting, and attempting to reach higher-value assets?
What you will see in this demonstration is one way that the CSNF canonical model and decorator can be implemented to address the key challenge of creating a scalable, unified alerting pipeline that can send alerts from any cloud source to the SOC.
Once the SOC receives the alert, it will need to use automation to determine how to respond. That’s where the CSNF decorator comes in.
Finally we need to be ready to take action according to our playbook. What will we do to protect the organization?
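The three stages above (normalize alerts from several clouds into one canonical shape, decorate them with context, then choose a playbook action) as an added example; this is illustrative code written for this page, not the CSNF project's decorator, and its canonical fields, the two raw alert shapes, the asset inventory and the playbook thresholds are all constructed, simplified assumptions rather than the CSNF specification or real provider output.

```python
from dataclasses import dataclass, field

# Constructed raw alerts in two provider-specific shapes (simplified, not real provider output).
RAW_ALERTS = [
    {"source": "aws", "type": "UnauthorizedAccess:IAMUser/ConsoleLogin", "severity": 5,
     "resource": {"accountId": "111111111111", "instanceId": "i-0abc"}, "eventTime": "2024-01-01T10:00:00Z"},
    {"source": "azure", "AlertType": "SuspiciousLogin", "Severity": "High",
     "ResourceId": "/subscriptions/sub-1/resourceGroups/rg/providers/x/vm-db", "TimeGenerated": "2024-01-01T10:05:00Z"},
]

@dataclass
class CanonicalAlert:
    """Assumed, simplified canonical shape (stand-in for the CSNF canonical model, not the spec itself)."""
    source: str
    category: str
    severity: int                      # normalized to a 1-10 scale
    resource: str
    time: str
    decorations: dict = field(default_factory=dict)

def normalize(raw: dict) -> CanonicalAlert:
    """Map each provider's field names and severity scale onto the canonical model."""
    if raw["source"] == "aws":
        return CanonicalAlert("aws", raw["type"], int(raw["severity"]), raw["resource"]["instanceId"], raw["eventTime"])
    if raw["source"] == "azure":
        sev = {"Low": 3, "Medium": 5, "High": 8}[raw["Severity"]]   # assumed mapping of text severity to 1-10
        return CanonicalAlert("azure", raw["AlertType"], sev, raw["ResourceId"].rsplit("/", 1)[-1], raw["TimeGenerated"])
    raise ValueError(f"unknown source {raw['source']}")

# Constructed asset inventory: the business context the decorator adds (hypothetical values).
ASSET_CRITICALITY = {"vm-db": "crown-jewel", "i-0abc": "dev-sandbox"}

def decorate(alert: CanonicalAlert) -> CanonicalAlert:
    """Enrich the canonical alert so an automated decision can weigh risk, not just provider severity."""
    crit = ASSET_CRITICALITY.get(alert.resource, "unknown")
    alert.decorations["asset_criticality"] = crit
    weight = {"crown-jewel": 2.0, "unknown": 1.0, "dev-sandbox": 0.5}[crit]
    alert.decorations["risk_score"] = round(alert.severity * weight, 1)
    return alert

def playbook_action(alert: CanonicalAlert) -> str:
    """Constructed playbook: the decorated risk score decides contain, investigate, or suppress."""
    score = alert.decorations["risk_score"]
    if score >= 12:
        return "isolate-and-page-oncall"
    if score >= 5:
        return "open-ticket"
    return "suppress"  # low-value asset plus low severity: treated as likely noise

def run_pipeline(raw_alerts):
    """Full path from mixed-cloud raw alerts to a per-alert playbook action."""
    return [(a.source, a.resource, playbook_action(a)) for a in (decorate(normalize(r)) for r in raw_alerts)]
```

With the constructed inputs, the sandbox login is suppressed while the same class of alert against the database host is escalated, which is the false-positive reduction the demo is meant to show.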