Methodology

This study proposes a methodology to assist organisations and cybersecurity professionals in selecting SIEM Use Cases based on the techniques catalogued in the Mitre Att&ck Framework. The methodology takes into account the technical and organisational environment, internal and external requirements, best practices, and the security know-how available within the company or organisation.

The standard way SIEM Use Cases are selected
SIEM Use Case Selection Galaxy
The simplified approach
Transformed SIEM Use Case Selection Galaxy
SIEM Use Case Selection Methodology
Mapping of Mitre Att&ck data to Cyber Security Frameworks

The research has shown that the focus areas needed to select SIEM Use Cases can be brought together in a unified approach and combined with the relevant cybersecurity standards and frameworks. The result is a flexible methodology in which the parameters (environment, requirements, best practices, available know-how) can be configured to obtain a list of applicable SIEM Use Cases.

Methodology to select SIEM Use Cases (Imthurn, 2019)

Bringing the detection capability of an organisation back into focus makes it possible to break the goals down on the basis of the data gathered.

None of the existing parameters is suppressed or marginalised by this approach, and any of them can still be added if required. At the centre remains a robust cybersecurity programme driving the organisational needs, now supported by qualified data from a relevant threat source, which helps formulate a roadmap for rolling out detection capabilities. The methodology answers the question of what is needed to detect the threats against the organisation.
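To make the parameter-driven selection concrete, the following is an added illustration, not code from the study or from the siemucsm repository, of how a use case catalogue keyed on Att&ck techniques can be filtered by environment parameters: platforms in use, data components already shipped to the SIEM, the complexity the team can operate (a proxy for know-how), the frameworks that must be supported, and the techniques prioritised from threat intelligence. It also derives the onboarding roadmap mentioned above by counting which missing data components block the most use cases. The catalogue, environment values, framework tags and complexity scores are constructed sample data; the technique IDs and data component names follow Att&ck naming, but the per-use-case mapping is abridged for the example.

```python
"""Parameter-driven selection of SIEM use cases catalogued against Att&ck techniques.

Added illustration, not the siemucsm project's code. All catalogue entries,
environment values and framework tags below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class UseCase:
    name: str
    technique: str            # Att&ck technique or sub-technique ID the use case detects
    platforms: frozenset      # platforms the detection logic applies to
    data_sources: frozenset   # Att&ck data components the detection needs in the SIEM
    complexity: int           # 1 = single-event rule, 3 = needs tuning and analyst expertise
    frameworks: frozenset     # constructed labels for controls the use case supports


def uc(name, technique, platforms, data_sources, complexity, frameworks):
    """Small constructor so the constructed catalogue stays readable."""
    return UseCase(name, technique, frozenset(platforms), frozenset(data_sources),
                   complexity, frozenset(frameworks))


# Constructed sample catalogue (mapping abridged from Att&ck data sources).
CATALOGUE = [
    uc("Encoded PowerShell command line", "T1059.001", {"windows"},
       {"Command: Command Execution", "Process: Process Creation"}, 2,
       {"NIST CSF DE.CM", "ISO 27001 A.12.4"}),
    uc("Brute force: burst of failed logons followed by success", "T1110", {"windows", "linux"},
       {"User Account: User Account Authentication"}, 1, {"NIST CSF DE.CM", "ISO 27001 A.9"}),
    uc("Credential dumping from LSASS memory", "T1003.001", {"windows"},
       {"Process: OS API Execution", "Process: Process Access"}, 3, {"NIST CSF DE.CM"}),
    uc("Phishing attachment delivered to mailbox", "T1566.001", {"windows", "linux", "macos"},
       {"Application Log: Application Log Content", "Network Traffic: Network Traffic Content"}, 2,
       {"NIST CSF DE.CM"}),
    uc("RDP logon from a non-admin workstation", "T1021.001", {"windows"},
       {"Logon Session: Logon Session Creation", "Network Traffic: Network Connection Creation"}, 2,
       {"NIST CSF DE.CM", "ISO 27001 A.9"}),
    uc("Local account created outside change window", "T1136.001", {"windows", "linux"},
       {"User Account: User Account Creation"}, 1, {"ISO 27001 A.9"}),
    uc("Beaconing to rare domain over HTTP(S)", "T1071.001", {"windows", "linux", "macos"},
       {"Network Traffic: Network Traffic Content", "Network Traffic: Network Traffic Flow"}, 3,
       {"NIST CSF DE.CM"}),
]


@dataclass
class Environment:
    """The configurable parameters: what the organisation runs, logs and can operate."""
    platforms: set
    data_sources: set                                       # data components already in the SIEM
    max_complexity: int                                     # proxy for available security know-how
    required_frameworks: set = field(default_factory=set)   # empty set = no framework filter
    priority_techniques: set = field(default_factory=set)   # from threat intelligence / risk analysis


def is_priority(use_case: UseCase, env: Environment) -> bool:
    """A sub-technique inherits priority from its parent (T1021.001 matches T1021)."""
    parent = use_case.technique.split(".")[0]
    return use_case.technique in env.priority_techniques or parent in env.priority_techniques


def select_use_cases(catalogue, env):
    """Return (applicable use cases, ranked) and {use case name: missing data components}."""
    selected, missing = [], {}
    for use_case in catalogue:
        if not use_case.platforms & env.platforms:
            continue                                   # not relevant to this environment
        gap = use_case.data_sources - env.data_sources
        if gap:
            missing[use_case.name] = sorted(gap)       # blocked until these are onboarded
            continue
        if use_case.complexity > env.max_complexity:
            continue                                   # beyond current know-how
        if env.required_frameworks and not use_case.frameworks & env.required_frameworks:
            continue                                   # does not serve a required framework
        selected.append(use_case)
    # Threat-relevant techniques first, then the cheapest to operate, then by name.
    selected.sort(key=lambda u: (not is_priority(u, env), u.complexity, u.name))
    return selected, missing


def onboarding_roadmap(missing):
    """Missing data components ranked by how many blocked use cases each would unlock."""
    counts = Counter(ds for gaps in missing.values() for ds in gaps)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed example environment: Windows estate with endpoint and account telemetry only.
EXAMPLE_ENV = Environment(
    platforms={"windows"},
    data_sources={"Process: Process Creation", "Command: Command Execution",
                  "User Account: User Account Authentication",
                  "Logon Session: Logon Session Creation", "User Account: User Account Creation"},
    max_complexity=2,
    priority_techniques={"T1110", "T1021"},
)

if __name__ == "__main__":
    chosen, blocked = select_use_cases(CATALOGUE, EXAMPLE_ENV)
    for u in chosen:
        print(f"{u.technique:10} {u.name}")
    for ds, n in onboarding_roadmap(blocked):
        print(f"onboard {ds!r} to unlock {n} use case(s)")
```

Note that the prioritised RDP use case (T1021.001) is not selected because the network data component is missing; it shows up in the roadmap instead, which is the point of separating "applicable now" from "applicable after onboarding".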


More details on how the methodology works can be accessed on GitHub:
https://github.com/siemucsm/siemucsm