Prof Wool: Advanced Cyber Threat and Incident Management

Lesson 1: How to Bring Business Context into Incident Response

Advanced Cyber Threat and Incident Management: Lesson 1

SIEM solutions collect and analyze logs generated by the technology infrastructure, security systems and business applications. The Security Operations Center (SOC) team uses this information to identify and flag suspicious activity for further investigation. In this lesson, Professor Wool explains why it’s important to connect the information collected by the SIEM with other databases that provide information on application connectivity, in order to make informed decisions on the level of risk to the business, and the steps the SOC needs to take to neutralize the attack.

Learn more about AlgoSec at and read Professor Wool's blog posts at