How to Use This
First, how NOT to use this
This is not meant to be a vendor or coverage comparison tool! Leave that to Gartner and MITRE. Coverage is a complex thing: each source has its own approaches and philosophies, which are better debated elsewhere. More rules does not always translate to more or better coverage.
For insights into creating high-quality, high-efficacy rules, check out the Zen of Security Rules.
Insights can be derived from data by looking at it from different perspectives, especially when done in a visual manner. The idea of this project is to view rule development, the detection engineering ecosystem, and the threat landscape from alternative lenses.
There are multiple ways to search and visualize the data, depending on your specific need or perspective. To maximize insights, it is all about filtering and pivoting. Whether you start with a search in Discover or with any of the dashboards that are part of the DETR, you can filter down to specific observations or known events, such as the release of a CVE or an exploit.
Filtering within the dashboards is simple: use the controls at the top, or click on any component of a dashboard to filter down as needed.
Of course, the source rule repos are all open source, should any further detail be required.
Personas and Use Cases
It may be helpful to think about the following personas when using this project:
- Security Analysts
- Threat Hunters
- Security Engineers
- Security Researchers
- Security Managers
Additionally, consider the following use cases:
- Rule Development Lifecycle
- Threat Landscape Analysis
- Maintenance Costs
- Threat Coverage
- Data Sources and Field Usage
Detailed Usage and Use Cases
Over time, entries for specific use cases and detailed usage will be explored to help share insights and perspectives.
Coming soon …
© A project by @br0k3ns0und | br0k3nlab