Creating high-fidelity alerts while minimizing noise is a constant challenge in any Security Operations Center—especially when dealing with a wide range of log data from endpoints, networks, and identity systems. Without robust correlation rules that span multiple log types and event sources, security teams often struggle to detect genuine threats amid a flood of false positives.
Nathan Pitchaikani and his team at Riot Games addressed this challenge by creating correlation rules that combine signals from various products, such as suspicious endpoint activity and large file transfer logs. Although each individual alert could be noisy on its own, correlating them helped pinpoint potential data exfiltration incidents with greater accuracy and fewer false positives.
To further streamline alert management and reduce false alarms, Nathan’s team introduced automation between their SIEM and SOAR tools. By automatically cross-checking related alerts on the same user or endpoint whenever a high-severity alert is triaged, the team can now escalate, auto-close, or maintain alerts based on context—thereby reducing fatigue and prioritizing critical threats.
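The two-stage flow described above, as an added illustration that is not Riot Games' rules or code: a correlation that fires only when a suspicious endpoint alert on a host is followed within an hour by a large outbound transfer from the same host, and a SOAR-style step that, when that high-severity alert is triaged, escalates, auto-closes or keeps the other open alerts on the same user or endpoint. The event shapes, the size threshold, the window and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): suspicious endpoint alerts
# and file-transfer logs, already normalized to a common shape.
ENDPOINT_ALERTS = [
    {"ts": "2024-05-01T09:00:00", "host": "ws-17", "user": "alice", "name": "suspicious_archive_tool"},
    {"ts": "2024-05-01T11:30:00", "host": "ws-42", "user": "bob", "name": "suspicious_archive_tool"},
]
TRANSFER_LOGS = [
    {"ts": "2024-05-01T09:20:00", "host": "ws-17", "user": "alice", "bytes": 3_500_000_000},
    {"ts": "2024-05-01T11:40:00", "host": "ws-42", "user": "bob", "bytes": 40_000_000},
    {"ts": "2024-05-01T16:00:00", "host": "ws-17", "user": "alice", "bytes": 2_000_000_000},
]
WINDOW = timedelta(hours=1)            # transfer must follow the endpoint alert within this (assumed)
LARGE_TRANSFER_BYTES = 1_000_000_000   # size that makes a transfer "large" (assumed threshold)

def correlate_exfil(endpoint_alerts, transfer_logs, window=WINDOW):
    """Fire only when a suspicious endpoint alert is followed, on the same host
    and within `window`, by a large transfer; neither event alerts on its own."""
    hits = []
    for ep in endpoint_alerts:
        for tr in transfer_logs:
            if tr["host"] != ep["host"] or tr["bytes"] < LARGE_TRANSFER_BYTES:
                continue
            delta = datetime.fromisoformat(tr["ts"]) - datetime.fromisoformat(ep["ts"])
            if timedelta(0) <= delta <= window:
                hits.append({"id": f"C{len(hits) + 1}", "name": "exfil_correlation",
                             "severity": "high", "host": ep["host"], "user": ep["user"],
                             "detail": f"{ep['name']} then {tr['bytes']} bytes out"})
    return hits

def triage_related(high_alert, open_alerts):
    """SOAR-style context check run when a high-severity alert is triaged:
    other open alerts on the same user or endpoint join the incident
    (escalate), exact duplicates are auto-closed, unrelated ones are kept."""
    decisions = {}
    for a in open_alerts:
        if a["id"] == high_alert["id"]:
            continue
        same_entity = a["user"] == high_alert["user"] or a["host"] == high_alert["host"]
        if not same_entity:
            decisions[a["id"]] = "keep"
        elif a["name"] == high_alert["name"]:
            decisions[a["id"]] = "auto_close"   # duplicate of the case already open
        else:
            decisions[a["id"]] = "escalate"     # related context, attach to the incident
    return decisions
```

With the samples above, only the ws-17 pair correlates (the ws-42 transfer is too small and the later ws-17 transfer falls outside the window); feeding that hit plus the rest of the open queue to `triage_related` gives one decision per remaining alert.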
In this talk, Nathan will share how these cross-platform correlation rules, refined detection strategies, and automated response workflows help Security Operations Centers strike the right balance between thoroughness and efficiency.