Many of the resources available to help build a set of use cases are of poor quality and published by SIEM vendors. This is an effort to bring together resources that are helpful in improving detection, mapped to MITRE ATT&CK where appropriate.
The focus is on information that helps build use cases which generate high-quality alerts, but there is crossover into SOC, Incident Response and Threat Hunting.
TL;DR: If you have just inherited or acquired a SIEM and are thinking 'What do I actually do with all these logs?', then the best place to start is probably the Sigma ruleset. Some thinking about detection engineering and maturity is probably a good idea too.