Has anyone written/implemented logic to best make use of tagging and alerting SIEM outcomes to a use-case framework? I was mostly looking at the MaGMa framework, which is gaining popularity.
Any help or implementation tips for a use-case framework would be very helpful.
I am sure others can speak more about it than myself with regard to direct experience, but the alerting framework does support native tagging of MITRE ATT&CK when creating rules, and here is a blog post about it: