Measuring reaction to detection

austinsonger · March 28, 2021, 5:48pm

So here is what I do for our clients when it comes to using Elastic SIEM and ensuring SLA:

Use JIRA Service Desk and use their SLA feature
Configure Elastic SIEM to create a ticket in JIRA automatically anytime a Detection is trigger in Elastic.
- Here is the easy of bulk editing script all of the detection rules
  - Elastic Security: Bulk Detection Rule Modification via Detection API - JIRA Connector
  - GitHub - austinsonger/Elastic-Security: Repo for Automations and other solutions for Elastic SIEM/Security.
So we basically subvert Elastic SIEM to JIRA for the initial detection and the following will show the information I have sent to JIRA:
- Elastic SIEM Connector to JIRA Service Desk Template #JIRA #Elastic · GitHub

Topic		Replies	Views
Detection Alerts - Creating JIRA Ticket (Automatically) SIEM elastic-stack-alerting	4	869	January 14, 2021
See Who's changing signal detections Elastic Security	4	406	April 25, 2021
Alerting by amount of "hits" SIEM	2	403	June 18, 2020
Detection rules SIEM detection-rules	4	679	January 11, 2021
Generate a Detection when new document is indexed Elastic Security elastic-stack-monitoring , elastic-stack-alerting	8	1513	May 7, 2021