Detection is not a finished product: it is a living process. The article proposes applying a real development lifecycle to Detection Engineering: tests, versioning, reviews, deprecation.
In short: treat your SIEM rules as code. Because attackers, for their part, are constantly evolving theirs. 🔍
#infosec #DetectionEngineering #BlueTeam
https://malware.news/t/tuned-by-design-why-detection-engineering-needs-its-own-development-lifecycle/106621

Tuned by Design: Why Detection Engineering Needs Its Own Development Lifecycle
We embraced “Secure by Design” in software development. It is time we applied the same philosophy to SOC detection content — introducing the Use Case Development Lifecycle. If you have spent more than a year inside a Security Operations Center, you have lived this story: a brand-new analytic rule goes live on Monday morning. By Tuesday afternoon the SOC is drowning in false positives. An analyst mutes the rule. A month later, a real intrusion slips through the exact blind spot that rule was supp...
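As an added illustration of the lifecycle the post summarises (tests, versioning, explicit deprecation rather than a silent mute), not code from the article or its author: a detection rule kept as code next to its own regression corpus of constructed events, so a change that reintroduces a known false positive or silences a true positive fails before deployment. The rule logic, the group names and the account names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}
# Reviewed allowlist: the provisioning account that flooded v1 with false positives (assumed).
ALLOWLISTED_ACTORS = {"svc_provision"}

@dataclass
class DetectionRule:
    name: str
    version: str
    status: str                               # "active" or "deprecated"; never a silent mute
    logic: Callable[[dict], bool]
    tests: list = field(default_factory=list)  # (event, expected_match, label)

def privileged_group_change(event: dict) -> bool:
    """v2 logic: a privileged group gained a member via a non-allowlisted actor."""
    return (event.get("event") == "group_member_added"
            and event.get("group") in PRIVILEGED_GROUPS
            and event.get("actor") not in ALLOWLISTED_ACTORS)

RULE = DetectionRule(
    name="privileged_group_member_added",
    version="2.0.0",
    status="active",
    logic=privileged_group_change,
    tests=[  # constructed events, not real telemetry
        ({"event": "group_member_added", "group": "Domain Admins", "actor": "jdoe"},
         True, "true positive: manual change by a user account"),
        ({"event": "group_member_added", "group": "Administrators", "actor": "svc_provision"},
         False, "known false positive fixed in v2: provisioning account"),
        ({"event": "group_member_added", "group": "Guests", "actor": "jdoe"},
         False, "benign: non-privileged group"),
    ],
)

def run_tests(rule: DetectionRule) -> list[str]:
    """Return failures; an empty list means the rule may be promoted to production."""
    if rule.status == "deprecated":
        return [f"{rule.name}: deprecated, must not be deployed"]
    failures = []
    for event, expected, label in rule.tests:
        got = rule.logic(event)
        if got != expected:
            failures.append(f"{rule.name} v{rule.version}: {label} (expected {expected}, got {got})")
    return failures

if __name__ == "__main__":
    problems = run_tests(RULE)
    print("PASS" if not problems else "\n".join(problems))
```

Running this in CI on every rule change turns the "mute it on Tuesday" reflex into a reviewed version bump with a recorded regression case.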