SIEM tactics, techniques and procedures
These resources are intended to guide a SIEM team to…
- Develop a workflow for content creation (and retirement) in the SIEM and other security tools.
- Illustrate detection coverage provided and highlight coverage gaps as goals to fill.
- Eliminate or add layers of coverage based on organizational needs.
- Ensure proper logs are generated and recorded for sufficient detection, investigation, and compliance.