
Reduce SOC Costs – SIEM Use Case Tuning

This service includes the following:

  • Review and analysis of existing use cases against the threats relevant to the company.
  • Reduce redundant and false positive alarms from use cases.
  • Improve the detection rate of current use cases.
  • Optimize runbooks and SOC processes.

Goals

  • Analyze existing SIEM use cases against the current threats to the company.
  • Remove redundant use cases and reduce “false positive” alarms from use cases.
  • Improve how well use cases are adapted to the company.
  • Optimize runbooks and processes for existing use case alarms.

Details

Once a SIEM has been in operation in a company for an extended period, the number of SIEM use cases grows with it. Differing requirements lead to several use cases detecting the same threats multiple times. As the number of use cases rises, the overview is often lost: which threats are currently covered, and where a lack of coverage creates a high risk. Use cases must be continually adapted to reduce false positive alarms.

This service analyzes existing SIEM use cases against the current threats. We examine where gaps exist in the detection of risks and where use cases are redundant with others. In the next step, use cases that generate a large number of false positive alarms are optimized so that these alarms are significantly reduced. The detection rate of existing use cases is improved by adapting them more closely to the company. To ensure that alarms are processed efficiently, existing runbooks and SOC processes are also optimized.