When your SIEM models are not enough

Upon suggestion from Mr. Hay, I took https://sigopt.com/ for a spin.  I plugged it into our SIEM and Vulnerability models.  I am astonished.  Just when I thought every bit of value was squeezed from the systems, it is continuing to pull out indicators and APT actors like candy at a weight loss camp.  One should give it a spin when they need to further optimize their models.  For blackhats, this technique will become a significant pain as additional academic savy private sector practitioners move beyond log management and playbooks.