Over the past decade, threat detection in security operations centres has relied predominantly on rules, commonly defined by SIEM vendors. These “rules” (also called alarms, alerts or use cases depending on the SIEM vendor, or as we prefer to call them...