How National Grid gains rich attacker insight from Threat Response alerts with their "Tanium MITRE Rule"

National Grid has been using Tanium Threat Response for a number of years. However, the number of false-positive alerts seen for some intel has sometimes caused "alert fatigue", which, at its worst, risks a delayed response to real alerts.


Frank Furlo - National Grid
Scott McCarthy - Massachusetts Bay Transportation Authority

Additional Details:

Session Type: 

Products & Solutions: Threat Response

Difficulty: Beginner, Beginner-Intermediate, Intermediate, Intermediate-Advanced, Advanced

Focus: Security, Administrator, Operations, Risk