Regarding the Gem - we split every team (detection engineering, hunt, Intel, red team etc). Some are even in entirely other directorates. What questions did you have? I can share some challenges we have as a detection engineering team is consuming reporting from so many sources to add to our backlog is arduous and time consuming. This takes a lot of time from detection engineering development. We’re working on developing a method to automate it but right it’s duct tape and glue. Have you seen any approaches that work well?
Regarding the Gem - we split every team (detection engineering, hunt, Intel, red team etc). Some are even in entirely other directorates. What questions did you have? I can share some challenges we have as a detection engineering team is consuming reporting from so many sources to add to our backlog is arduous and time consuming. This takes a lot of time from detection engineering development. We’re working on developing a method to automate it but right it’s duct tape and glue. Have you seen any approaches that work well?