No more typing reviews! Try our Samantha, our new voice AI agent.

Robert Cheruiyot

  • IT Security Consultant at Microlan Kenya Limited
  • Has 5-10 Years Of Experience
Badges
35 Points7 Years
User Activity
About 3 years ago
Contributed a review of Wazuh: Reliable, good endpoint security, and helpful documentation
About 3 years ago
Contributed a review of Tenable.io Web Application Scanning: Reasonably priced, good pricing, and reliable
About 3 years ago
Contributed a review of Splunk Observability Cloud: Simple to install and configure with many interesting features
Almost 4 years ago
Answered a question: What are the top use cases to implement after deploying a SIEM?
-Detect unusual/suspicious logins. For example, you can count the number of failed login attempts within a given time  -Detect abnormal traffic which might indicate potential C2 traffic -Detect attempts to access your systems/network from unusual locations / IPs -Monitor…
Over 4 years ago
Answered a question: How do you decide about the alert severity in your Security Operations Center (SOC)?
Hi @Evgeny Belenky I think as long as you do this thing manually, you will always have to be subjective. One will always say alerts from critical assets first, setting them with higher priority. But the concept of threat intelligence will help. Threat intelligence feeds…
Over 4 years ago
Answered a question: Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?
Hi @Giusel With the rise in insider threats, the idea of UEBA is becoming a must-have component in SOC.  This makes it necessary to have AD users or users from any other source to be available for monitoring in SIEM platforms. RSA NWP does this and definitely many other…
Over 4 years ago
Contributed a review of Splunk Enterprise Security: Efficient, scalable, robust and easy to use
Over 4 years ago
Contributed a review of Wazuh: Good integration with other platforms but not easily scalable and lacks threat intelligence
Over 4 years ago
Answered a question: What are the best practices for Security Operations Center (SOC)?
Hi Giusel From my little experience, it's always good to have a good working plan on how you are going to start setting up a SOC and how you are going to gradually mature the SOC. The primary consideration is the availability of 3 components: people, technology and process.…
Over 4 years ago
Answered a question: What is an incident response playbook and how is it used in SOAR?
Hi Rony,  Playbook automates the gathering of threat intelligence from a myriad of sources of threat intelligence. Playbooks ingest alerts from tools like SIEM and scan the alerts against the threat intelligence sources like VirusTotal and others in order to get information…
About 5 years ago
Commented on Q&A roundup: Successful SIEM implementation
Great advises,
Experience
Reviews
Wazuh Logo
About 3 years ago
Wazuh
Reliable, good endpoint security, and helpful documentation
Tenable.io Web Application Scanning Logo
About 3 years ago
Tenable.io Web Application Scanning
Reasonably priced, good pricing, and reliable
Splunk Observability Cloud Logo
About 3 years ago
Splunk Observability Cloud
Simple to install and configure with many interesting features
Splunk Enterprise Security Logo
Over 4 years ago
Splunk Enterprise Security
Efficient, scalable, robust and easy to use
Wazuh Logo
Over 4 years ago
Wazuh
Good integration with other platforms but not easily scalable and lacks threat intelligence
Answers
Almost 4 years ago
Security Information and Event Management (SIEM)
What are the top use cases to implement after deploying a SIEM?
Over 4 years ago
SOC as a Service
How do you decide about the alert severity in your Security Operations Center (SOC)?
Over 4 years ago
Security Information and Event Management (SIEM)
Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?
Over 4 years ago
Security Incident Response
What are the best practices for Security Operations Center (SOC)?
Over 4 years ago
IT Alerting and Incident Management
What is an incident response playbook and how is it used in SOAR?
Comments
About 5 years ago
Security Information and Event Management (SIEM)
Q&A roundup: Successful SIEM implementation