Which detection rules for my SOC?

Throughout my (young) career, I’ve seen many different SOC projects and I thought I should share which approaches have a better chance of success. So here are some approaches that might apply well in your environment… or not.

- The “collect everything” approach
- The business case approach
- The MITRE ATT&CK coverage approach
- The intelligence-driven approach

I also […]