Detection proposals
Detection-as-code lifecycle. Every proposal is graded by run_evals.py; a MITRE accuracy regression of 1 percentage point (pp) or more against the active baseline blocks promotion to a live rule.
SIEM detection rules and tuning
SOC Analyst
Admin
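The promotion gate described above, as an added Python illustration that is not run_evals.py or any code from this page: a constructed eval set labelled with MITRE ATT&CK technique IDs, a stand-in baseline rule set, two stand-in proposals, and a gate that computes the regression in percentage points with exact rational arithmetic so the 1pp boundary is not subject to floating-point error. The event format, technique labels, rule functions and every helper name here are assumptions.

```python
"""Promotion gate for detection proposals (added illustration, not run_evals.py).

Assumptions (not from the page): an eval set is a list of (event, expected
technique) pairs; a rule set is a function mapping an event to a technique ID
or None (no detection expected for benign events); accuracy is the fraction of
events attributed exactly as labelled.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import Callable, Optional

Event = dict
RuleSet = Callable[[Event], Optional[str]]

# Constructed eval set: synthetic process events, not real telemetry.
EVAL_SET = [
    ({"proc": "powershell.exe", "cmd": "-enc SQBFAFgA"}, "T1059.001"),
    ({"proc": "cmd.exe", "cmd": "whoami /all"}, "T1033"),
    ({"proc": "rundll32.exe", "cmd": "comsvcs.dll MiniDump 624"}, "T1003.001"),
    ({"proc": "schtasks.exe", "cmd": "/create /sc minute"}, "T1053.005"),
    ({"proc": "notepad.exe", "cmd": ""}, None),  # benign: no attribution expected
]


def baseline_rules(ev: Event) -> Optional[str]:
    """Stand-in for the active baseline rule set (assumed, not a real SIEM rule)."""
    if ev["proc"] == "powershell.exe" and "-enc" in ev["cmd"]:
        return "T1059.001"
    if "whoami" in ev["cmd"]:
        return "T1033"
    if "MiniDump" in ev["cmd"]:
        return "T1003.001"
    if ev["proc"] == "schtasks.exe":
        return "T1053.005"
    return None


def proposal_lost_minidump(ev: Event) -> Optional[str]:
    """Proposal that rewrote the LOLBin logic and silently dropped the MiniDump clause."""
    if ev["proc"] == "powershell.exe" and "-enc" in ev["cmd"].lower():
        return "T1059.001"
    if "whoami" in ev["cmd"]:
        return "T1033"
    if ev["proc"] == "schtasks.exe":
        return "T1053.005"
    return None


def proposal_case_insensitive(ev: Event) -> Optional[str]:
    """Proposal that only makes the encoded-command match case-insensitive."""
    if ev["proc"] == "powershell.exe" and "-enc" in ev["cmd"].lower():
        return "T1059.001"
    return baseline_rules(ev)


@dataclass(frozen=True)
class EvalResult:
    correct: int
    total: int

    @property
    def accuracy(self) -> Fraction:
        return Fraction(self.correct, self.total)


def evaluate(rules: RuleSet, eval_set=EVAL_SET) -> EvalResult:
    """Grade a rule set: count events whose attribution equals the label."""
    correct = sum(1 for ev, expected in eval_set if rules(ev) == expected)
    return EvalResult(correct, len(eval_set))


def regression_pp(baseline: EvalResult, candidate: EvalResult) -> Fraction:
    """Baseline accuracy minus candidate accuracy, in percentage points (exact)."""
    return (baseline.accuracy - candidate.accuracy) * 100


REGRESSION_BLOCK_PP = Fraction(1)  # the page's threshold: >= 1pp blocks promotion


@dataclass(frozen=True)
class GateDecision:
    promote: bool
    regression_pp: Fraction
    reason: str


def gate(baseline: EvalResult, candidate: EvalResult) -> GateDecision:
    """Block promotion on a >= 1pp regression; refuse to compare unequal eval sets."""
    if baseline.total != candidate.total:
        return GateDecision(False, Fraction(0), "eval set size differs; not comparable")
    reg = regression_pp(baseline, candidate)
    if reg >= REGRESSION_BLOCK_PP:
        return GateDecision(False, reg, f"blocked: accuracy regressed {float(reg):.2f}pp")
    return GateDecision(True, reg, "promote")


if __name__ == "__main__":
    base = evaluate(baseline_rules)
    for name, rules in [("lost_minidump", proposal_lost_minidump),
                        ("case_insensitive", proposal_case_insensitive)]:
        print(name, gate(base, evaluate(rules)))
```

Using Fraction rather than float matters only at the boundary, but that is exactly where a gate is contested: a proposal that regresses by precisely 1pp must be blocked, and one that regresses by 0.5pp must not, regardless of how the accuracies happen to round.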