
Keith

@kwm

Question from a friend: In a functional security org, who is normally responsible for designing initial alerting use cases in a SIEM? An engineering function? IR? Ethical hacking? Threat intel?

In modern teams, this is a key function of Detection Engineering.

5/13/2020, 9:57:00 AM

Favs: 208

Retweets: 55

Keith

@kwm

Threat intelligence is the cornerstone of high-functioning security operations. And you don't need a big or dedicated team to be successful.

Understand your threat model and use it to drive decision-making:

- data sources
- controls (preventative, detective)
- detection criteria

5/13/2020, 1:47:39 PM

Favs: 56

Retweets: 7