Keith
@kwm
@mikhail_khusid If you subscribe to the notion that a good enough threat model is good enough to start, you don't need purple or red teams to formulate use cases. Look at
- https://github.com/Neo23x0/sigma from @cyb3rops
- https://github.com/olafhartong/sysmon-modular from @olafhartong
- https://github.com/redcanaryco/atomic-red-team
- [more]
5/13/2020, 10:23:21 PM
Favs: 17
Retweets: 4