Use Case Development 2017.pdf
Use Case Development 2017
Methodology for developing and managing SOC use cases.
This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
-
Q: What is a 'Use Case' in the context of this presentation?A: A specific condition or set of conditions that the SOC is monitoring for to detect a threat.
-
Q: What is the 'Use Case Lifecycle'?A: Development, Implementation, Tuning, and Retirement.
-
Q: What is the 'MaGMA' framework reference?A: Management, Growth, Metrics, and Assessment - a framework for use cases.
-
Q: What is the 'False Positive Rate' target?A: Ideally less than 10% for high-fidelity alerts.
-
Q: What is the 'Data Source' requirement?A: You cannot detect what you do not log; ensure necessary logs are ingested.
-
Q: What is the 'Logic' component of a use case?A: The specific correlation rule or query used to trigger the alert.
-
Q: What is the 'Response' component?A: The defined playbook or procedure for handling the alert once triggered.
-
Q: What is 'testing' in use case development?A: Simulating the attack to ensure the use case triggers as expected.
-
Q: What is 'Tuning'?A: Adjusting thresholds and whitelists to reduce noise.
-
Q: What is the 'Documentation' requirement for use cases?A: Every use case must have a document describing its purpose, logic, and response procedures.
Ask a question
Have a doubt or need clarification?
I’m here to help. Share your question, and I’ll get back to you with the guidance you need regarding the course.
Thank you!
I have received your message and I shall get back to you shortly.