8

Documentation and Detection Pipelines

In Chapters 6 and 7 of the book, we learned how to create a set of detections. As your team begins to build out your detection repository, it is important to maintain quality by enforcing standards on the team, and on yourself.

In this chapter, we will begin by looking at how to document detections. Proper documentation standards are key to retaining knowledge within your detection team and to supporting the SOC analysts who review the alerts your detections produce. We will demonstrate the type of information that should be documented, along with methods to standardize and maintain that documentation.

Another way to enforce quality is through the use of a detection pipeline. Leveraging a detection pipeline is a good way to ...

Get Practical Threat Detection Engineering now with the O’Reilly learning platform.
