10

Validating Any Mappings and Detections

The most important step you can take to improve your mappings and detections is to set up a review process. This can be done manually, or you can build an automated feedback loop that tracks the efficiency ratings of your mappings and prompts improvements when they are needed. Whether such automation is necessary depends on the fields captured when an alert is closed, such as Value Added, Closed State, and so on.
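A minimal form of the automated feedback loop described above, added here as an illustration rather than code from the book: it aggregates the Closed State and Value Added fields of closed alerts per detection-to-technique mapping and flags mappings whose value-added ratio has dropped below a threshold. The sample alerts, field names and values are constructed assumptions; map them to whatever your ticketing or SOAR platform records.

```python
from collections import defaultdict

# Constructed sample of closed alerts (not from the book). Each tuple is
# (detection name, mapped ATT&CK technique, Closed State, Value Added).
# The closure vocabulary here is an assumption; adapt it to your own platform.
CLOSED_ALERTS = [
    ("Suspicious PowerShell", "T1059.001", "True Positive", True),
    ("Suspicious PowerShell", "T1059.001", "True Positive", True),
    ("Suspicious PowerShell", "T1059.001", "True Positive", True),
    ("Suspicious PowerShell", "T1059.001", "False Positive", False),
    ("Rare Parent Process", "T1204.002", "False Positive", False),
    ("Rare Parent Process", "T1204.002", "False Positive", False),
    ("Rare Parent Process", "T1204.002", "Benign True Positive", False),
    ("Scheduled Task Created", "T1053.005", "True Positive", True),
    ("Scheduled Task Created", "T1053.005", "Benign True Positive", False),
]


def efficiency_ratings(alerts):
    """Aggregate closed alerts per (detection, technique) mapping.

    Returns {(detection, technique): {"alerts", "true_positive_ratio",
    "value_added_ratio"}}; the ratios are fractions of that mapping's closures.
    """
    counts = defaultdict(lambda: {"alerts": 0, "true_positives": 0, "value_added": 0})
    for detection, technique, closed_state, value_added in alerts:
        c = counts[(detection, technique)]
        c["alerts"] += 1
        # "Benign True Positive" still counts as a correct fire, just one without value,
        # so any closed state containing "True Positive" is treated as a true positive.
        if "True Positive" in closed_state:
            c["true_positives"] += 1
        if value_added:
            c["value_added"] += 1
    return {
        key: {
            "alerts": c["alerts"],
            "true_positive_ratio": round(c["true_positives"] / c["alerts"], 2),
            "value_added_ratio": round(c["value_added"] / c["alerts"], 2),
        }
        for key, c in counts.items()
    }


def mappings_needing_review(ratings, min_value_added=0.5, min_alerts=3):
    """Return the mappings whose value-added ratio fell below the threshold.

    Mappings with fewer than min_alerts closures are skipped: too few data points
    to judge, so they stay in place until enough alerts have been triaged.
    """
    return sorted(
        key for key, r in ratings.items()
        if r["alerts"] >= min_alerts and r["value_added_ratio"] < min_value_added
    )
```

Run on a scheduled export of closed alerts, the flagged list is the review queue; tune the two thresholds to match your alert volume.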

This chapter will cover the following topics:

  • Discussing the importance of reviews
  • Saving time and automating reviews with examples
  • Turning alert triage feedback into something actionable

Technical requirements

For this specific chapter, no installations or specific ...

Get Aligning Security Operations with the MITRE ATT&CK Framework now with the O’Reilly learning platform.
