Recently, we’ve noticed more USA-based attacks. Using MCAS we can block those attempts.
mcas
4 posts
Getting MCAS set up should have been your first task, but if you missed it, enriching the data will help you train MCAS and reduce the number of false positives and purely informational alerts.
What if we want both low and high severity alerts from a policy? Technically MCAS can’t do this.
By making a few simple changes we can greatly reduce the amount of noise generated by MCAS, begin to use its powers for good, and provide our tech staff with real actionable material to work with.