← @kwm Twitter archive

Keith

@kwm

Question from a friend: In a functional security org, who is normally responsible for designing initial alerting use cases in a SIEM? An engineering function? IR? Ethical hacking? Threat intel?

In modern teams, this is a key function of Detection Engineering.

5/13/2020, 10:57:00 AM

Favs: 217

Retweets: 57

Keith

@kwm

Threat intelligence is the cornerstone of high-functioning security operations. And you don't need a big or dedicated team to be successful.

Understand your threat model, use it to drive decision-making:

- data sources
- controls (preventative, detective)
- detection criteria

5/13/2020, 2:47:39 PM

Favs: 57

Retweets: 7