Currently I'm working on my own CTI/Threat-hunting platform, which will address lots of problems associated with security monitoring such as:
- Lack of skilled analysts.
- Information overload.
- Poor network visibility.
- Clunky UI and useless data visualizations.
- Alert fatigue/analyst burnout.
- Poor data scaling.
- Hardware performance issues.
- Slow time-to-action on large enterprise networks.
My goal is to replace all crap SIEMs from the face of the earth with something more useful that assists analysts' detection capabilities and also allows stopping attacks with a mouse click (or two).