Add response actions for lessons learned #289

Closed
wants to merge 1 commit into from
Conversation

Karneades
Contributor

New LL actions

  • RA_6003_document_results_and_new_knowledge_for_team.yml
  • RA_6004_add_new_detection_rules.yml
  • RA_6005_define_technical_debts.yml
  • RA_6006_improve_detection_capabilities.yml

@yugoslavskiy
Member

Hello @Karneades! Thank you for your contribution. Right now we have an extremely busy schedule and no option to process your PR. We will respond to it during the week for sure.

@yugoslavskiy
Member

Hello @Karneades!

We've posted a discussion issue about the connection between RE&CT and Threat Detection.

It would be great if you participate.

Regarding the LL Actions:

RA_6003_document_results_and_new_knowledge_for_team.yml

I think it could be merged without any issues.

RA_6004_add_new_detection_rules.yml and RA_6006_improve_detection_capabilities.yml

These are connected to the discussion about the RE&CT and TD connection.
We would like to develop a way to define connections with TD on a certain level of abstraction.
We don't know what it will look like yet, but one of the requirements is that it should be consistent.
This means all RAs related to interaction with TD should be on the same level of abstraction.
They should either all be like "improve coverage" and "improve detection capabilities" (instead of "add detection rules"), or all be like "add detection rules" / "add a new data source for detection" / "implement enrichment method".

RA_6005_define_technical_debts.yml

It is too high level. Better to at least split it by process (i.e. Vulnerability Management, Threat Detection, Identity Management, Hardening, etc.).

How would you split it?

@Karneades
Contributor Author

Hi @yugoslavskiy, will work on the split and will look into the IR/TD issue shortly.

@Karneades
Contributor Author

Will close the PR and maybe work on that later in time.

@Karneades Karneades closed this Oct 9, 2020