8
Return on Investment Detections
Creating detections and alerts is the bread and butter of any security operations center (SOC) environment. It should not surprise anyone that less-than-stellar detections are created and triggered daily. This chapter discusses the alerts on which we have had the highest efficiency ratings, as well as the lowest, and how to measure their success. The skills from this chapter will allow you to identify detections that are not efficient, create more efficient alerts, and implement metrics to measure them. The topics that we will cover in this chapter include:
- Reviewing examples of poorly created detections and their consequences
- Finding the winners or the best alerts
- Measuring the success of a detection