
The SPEED Use Case Framework

Repository for SPEED SIEM Use Case Framework

What is a Use Case Framework?

A Use Case Framework is an analytical tool: a series of cyber security related distinctions that are translated into a directory structure (or set of categories) for organizing cyber security detection rules. The objective of building a Use Case Framework is to better protect the organization’s valuable assets by designing and developing detection use cases with a holistic approach that connects the (constantly emerging) regulatory, compliance and threat requirements. The framework gives more granular control over detection coverage and its ongoing development.

Why a Use Case Framework?

  • To have a holistic “frame of reference” into which detection use cases can be categorized.
  • To quickly see where your use cases are lacking and need more attention (blind spots).
  • To facilitate a phased approach to expanding new use cases based on a large variety of inputs and priorities (Use Case Roadmap).

What are the Key “SPEED Use Case Framework” differentiators?

  A. Vendor neutral.
  B. Separate from Use Case Lifecycle Management.
  C. Agile and flexible (can be changed later on).
  D. Simple and clear by design.
  E. Addresses qualitative and quantitative threat modelling requirements from the Cyber Threat Intelligence (CTI) team.
  F. Specific naming conventions allowing easier integration with SOAR Playbook categorizations.

What is the added value of the SPEED Use Case Framework?

  • Clear location for log source monitoring use cases
  • Location for generic threat actor threat modeling using the kill-chain
  • Location for threat modeling specific threat actors (e.g. “North Korea”) using the kill-chain
  • Key distinctions between threat intelligence types
  • Key distinction between the attacker-centric and the defense-in-depth model
  • Very clearly defined naming conventions that are consistent across the whole framework

What Can I do to implement the SPEED Use Case Framework?

  1. Initial SIEM installation (or an existing SIEM installation)
  2. Disable all rules (or disable those you don’t actively use)
  3. Structure rule directories
  4. Determine implementation criteria and a Use Case Framework
  5. Start implementing and migrating out-of-the-box use cases to the chosen Use Case Framework with the corresponding implementation criteria.
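The steps above end with rules sorted into a category tree, and the framework's stated benefit is that blind spots become visible. The following script is an added example, not code from this repository: it walks a rule directory tree whose path encodes the category, counts the enabled rules per category, reports categories with no enabled rule (blind spots) and flags rules that sit outside the tree or break a naming convention. The category names, the `key: value` rule file format and the `RULE_NAME` regex are assumptions made for this example; they are not the SPEED framework's actual directory layout or naming convention.

```python
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Illustrative category tree (an assumption for this example, not the SPEED
# framework's real layout): top-level distinction -> sub-categories.
FRAMEWORK = {
    "log-source-monitoring": ["windows-security", "proxy", "dns"],
    "kill-chain-generic": ["reconnaissance", "delivery", "exploitation",
                           "installation", "command-and-control",
                           "actions-on-objectives"],
    "defense-in-depth": ["perimeter", "network", "endpoint", "data"],
}

# Assumed naming convention: lower-case words joined by '-', '.rule' suffix.
RULE_NAME = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*\.rule$")


@dataclass(frozen=True)
class Rule:
    category: str   # "<top-level>/<sub-category>", derived from the directory path
    name: str
    enabled: bool


def parse_rule(path: Path, root: Path) -> Rule:
    """Derive the category from the path and read the 'enabled:' flag.
    The 'key: value' rule file format is constructed for this example."""
    rel = path.relative_to(root)
    category = "/".join(rel.parts[:-1])
    enabled = False
    for line in path.read_text().splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "enabled":
            enabled = value.strip().lower() == "true"
    return Rule(category, path.name, enabled)


def load_rules(root: Path) -> list[Rule]:
    return [parse_rule(p, root) for p in sorted(root.rglob("*.rule"))]


def coverage(rules: list[Rule]) -> dict[str, int]:
    """Number of enabled rules per framework category (zero = blind spot).
    Disabled rules do not count: a rule that is present but off gives no coverage."""
    counts = {f"{top}/{sub}": 0 for top, subs in FRAMEWORK.items() for sub in subs}
    for r in rules:
        if r.enabled and r.category in counts:
            counts[r.category] += 1
    return counts


def blind_spots(rules: list[Rule]) -> list[str]:
    return sorted(c for c, n in coverage(rules).items() if n == 0)


def convention_violations(rules: list[Rule]) -> list[str]:
    """Rules placed outside the framework tree or breaking the naming convention."""
    known = set(coverage([]))
    return sorted(
        f"{r.category}/{r.name}" for r in rules
        if r.category not in known or not RULE_NAME.match(r.name)
    )


def build_sample_tree(root: Path) -> None:
    """Constructed sample rule set: a partly migrated out-of-the-box set where
    some rules were disabled and one was left outside the framework tree."""
    sample = {
        "log-source-monitoring/windows-security/failed-logon-burst.rule": True,
        "log-source-monitoring/windows-security/log-source-silent.rule": True,
        "log-source-monitoring/proxy/proxy-log-source-silent.rule": False,
        "kill-chain-generic/delivery/macro-document-download.rule": True,
        "kill-chain-generic/command-and-control/beaconing-interval.rule": True,
        "kill-chain-generic/command-and-control/Beaconing_Old.rule": False,
        "defense-in-depth/endpoint/av-signature-hit.rule": True,
        "legacy/unsorted/vendor-default-rule-17.rule": True,
    }
    for rel, enabled in sample.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(f"name: {p.stem}\nenabled: {str(enabled).lower()}\n")


def run_demo() -> tuple[list[str], list[str]]:
    """Build the constructed tree in a temp dir and return (blind spots, violations)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        rules = load_rules(root)
        return blind_spots(rules), convention_violations(rules)


if __name__ == "__main__":
    spots, violations = run_demo()
    print("Blind spots (categories with no enabled rule):")
    for c in spots:
        print("  ", c)
    print("Convention violations:")
    for v in violations:
        print("  ", v)
```

Pointing `load_rules` at a real rule directory instead of the constructed one turns the blind-spot list into the input for the Use Case Roadmap mentioned above, and the violation list into a migration checklist for step 5. Counting only enabled rules matters after step 2: a directory full of disabled vendor defaults looks covered on disk but provides no detection.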
