When a SIEM has been in operation at a company for an extended period, the number of SIEM use cases grows with it. Because different requirements drive their creation, several use cases often end up detecting the same threats. As the number of use cases increases, it becomes unclear which threats are currently covered and where a lack of coverage leaves a high risk. At the same time, use cases must be continually adapted to reduce false positive alarms.
This service analyzes existing SIEM use cases against the current threats. We examine where gaps exist in the detection of risks and where use cases are redundant with others. In the next step, use cases that generate a large number of false positive alarms are tuned so that those alarms are significantly reduced. The detection rate of existing use cases is improved by adapting them more closely to the company's environment. To ensure that alarms are processed efficiently, existing runbooks and SOC processes are optimized as well.