Playing Detection with a Full Deck
Introduction
As a consultant, I have the opportunity to work with clients to help mature their Detection and Response (D&R) process. Sometimes this includes helping with the creation, improvement, or evaluation of detection rules. After helping many clients with numerous detection rules, I observed one consistent theme that kept popping up: many of the rules were written in a way that seemed to be missing a large portion of the potential detection opportu…