Post

Log inOpen app

Post

user avatar
Jamie Levy馃
@gleeda
So here鈥檚 a genuine question to those of you who actually run detective engineering teams: What do you consider as good inputs to that team? We could consider these as tickets, but what should those tickets contain? There seems to be a question of whether or not things should be broken down and spoonfed to a detection engineering team (think actual ELK queries or Sigma rules that they simply verify or tune), or if you should leave some things open to interpretation so that the team has something that they can research as well (think links to articles, incident reports, or threat reports). Or maybe it鈥檚 something in between where you give them command lines, persistence, mechanisms, hashes, and other indicators. Or is it possible that these things vary depending on the skill level of the individual involved?
12:37 AM 路 Jun 6, 202420.5KViews
15
5
40
34

See this post in the app

Use the app to view all comments and discover more posts.

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Relevant people

user avatar
Jamie Levy馃@gleedaFollow
Terms路Privacy路Cookies路Accessibility路Ads Info路漏 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up

Trending now