3 Comments

Regarding the Gem - we split every team (detection engineering, hunt, intel, red team, etc.). Some are even in entirely different directorates. What questions did you have? I can share one of the challenges we have as a detection engineering team: consuming reporting from so many sources to add to our backlog is arduous and time consuming. This takes a lot of time away from detection engineering development. We're working on developing a method to automate it, but right now it's duct tape and glue. Have you seen any approaches that work well?

author

Hey, thanks for commenting! I imagine the biggest pain point is siloed work. How do you take advantage of work outputs from these disparate teams in disparate directorates into a backlog for detection?


Siloed work is definitely a problem. We don't have a great solution today but are working on one. One thing I'm thinking about is enforcing a report format schema and applying some ML to suss out themes from reports to categorically identify clusters of behavior, in order to build relationships between information sources. It's a pretty complicated problem. Have you found any good options?

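The approach sketched in the comment above, as an added example that is not code from the thread or its author: enforce a minimal schema on reports arriving from intel, hunt and red-team sources, then group the conforming reports by shared theme terms (summary vocabulary plus technique tags, weighted with tf-idf) so related findings land in the detection backlog as one item. The schema fields, stopword list, similarity threshold and every report below are assumptions and constructed sample data, not any organization's real format or reporting.

```python
"""
Added example: schema validation plus theme clustering of security reports
from disparate teams. Schema, stopwords, threshold and reports are assumed /
constructed; nothing here is the commenter's actual pipeline.
"""
import math
import re
from collections import Counter

REQUIRED_FIELDS = {"source", "title", "summary", "techniques"}   # assumed schema
TECHNIQUE_ID = re.compile(r"T\d{4}(\.\d{3})?")                    # ATT&CK-style id shape
STOPWORDS = {"a", "an", "the", "to", "of", "for", "and", "with", "from",
             "via", "using", "across", "on", "in", "by", "found", "used",
             "report", "that"}

SAMPLE_REPORTS = [  # constructed sample data, not real reporting
    {"source": "red_team", "title": "PsExec lateral movement",
     "summary": "Operators used PsExec to move laterally to a file server with stolen admin credentials",
     "techniques": ["T1021.002"]},
    {"source": "intel", "title": "Ransomware affiliate tradecraft",
     "summary": "Vendor report: a ransomware affiliate deploys PsExec to move laterally across the domain before encryption",
     "techniques": ["T1021.002", "T1486"]},
    {"source": "hunt", "title": "Encoded PowerShell from Office",
     "summary": "Hunt found encoded PowerShell commands launched from Office documents",
     "techniques": ["T1059.001"]},
    {"source": "intel", "title": "Macro phishing wave",
     "summary": "Phishing emails carry Office macro documents that spawn encoded PowerShell",
     "techniques": ["T1566.001", "T1059.001"]},
    {"source": "red_team", "title": "Kerberoasting",
     "summary": "Requested service tickets to crack weak service account passwords offline",
     "techniques": ["T1558.003"]},
    {"source": "hunt", "title": "Untagged finding",
     "techniques": ["lateral movement"]},   # violates the schema twice
]


def validate(report):
    """Return the list of schema problems; an empty list means the report conforms."""
    problems = [f"missing field: {f}" for f in sorted(REQUIRED_FIELDS - report.keys())]
    for tid in report.get("techniques", []):
        if not TECHNIQUE_ID.fullmatch(tid):
            problems.append(f"malformed technique id: {tid!r}")
    return problems


def terms(report):
    """Theme terms: content words of the summary plus the technique ids."""
    words = [w for w in re.findall(r"[a-z0-9]+", report["summary"].lower())
             if w not in STOPWORDS]
    return Counter(words + [t.lower() for t in report["techniques"]])


def tfidf(reports):
    """Plain tf-idf weighting: a term present in every report carries no signal."""
    counts = [terms(r) for r in reports]
    df = Counter(t for c in counts for t in c)
    n = len(reports)
    return [{t: tf * math.log(n / df[t]) for t, tf in c.items()} for c in counts]


def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def cluster(reports, threshold=0.1):
    """Union-find: reports whose vectors are at least `threshold` similar share a cluster."""
    vectors = tfidf(reports)
    parent = list(range(len(reports)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(reports)):
        for j in range(i + 1, len(reports)):
            if cosine(vectors[i], vectors[j]) >= threshold:
                parent[find(i)] = find(j)
    groups = {}
    for i in range(len(reports)):
        groups.setdefault(find(i), []).append(i)
    return list(groups.values())


def build_backlog(reports):
    """Validate, set aside non-conforming reports, and emit one backlog item per theme cluster."""
    valid, rejected = [], []
    for r in reports:
        (rejected if validate(r) else valid).append(r)
    items = [{
        "titles": [valid[i]["title"] for i in group],
        "sources": sorted({valid[i]["source"] for i in group}),
        "techniques": sorted({t for i in group for t in valid[i]["techniques"]}),
    } for group in cluster(valid)]
    return {"items": items, "rejected": [r["title"] for r in rejected]}


if __name__ == "__main__":
    import json
    print(json.dumps(build_backlog(SAMPLE_REPORTS), indent=2))
```

With the sample data the two PsExec reports (red team and intel) merge into one backlog item tagged T1021.002 and T1486, the two PowerShell-from-Office reports merge into another, the Kerberoasting report stands alone, and the report that breaks the schema is listed under `rejected` so it can be sent back to its source rather than silently dropped. The schema check is the cheap part and pays off immediately; the clustering is deliberately simple (tf-idf plus a similarity threshold) so its behavior can be inspected before anything heavier is introduced.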