And I’m talking real smoking guns, not crappy anomaly alerts. From my experience, the most effective use cases for threat detection are those which simply: So: Here’s an example of logic that would provide good use cases involving malicious intent: The ‘direction’ of the action might also be important, e.g.: Inbound > outbound detection with validation of … Continue reading SIEM Use Case Guide – Part 2