User Story
As a SOC engineer, I want the platform to automatically create Sigma rules after an emulation so that I can quickly detect similar attacks in the future.
Acceptance Criteria
- A new Sigma rule is generated if the system detects a technique for which no existing rule is present.
- If a Sigma rule already exists for a technique, the system either updates it or flags it as a duplicate.
- The user can view newly generated rules in a “Detections” or “Rules” panel.
- Rules are labeled with the MITRE technique ID or name for easy reference.
- In addition to the automated run, the user can trigger this function manually.
- A button allows automatic deployment of rules into integrations.
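One way to implement the first two criteria (create a rule only when none exists for a technique, otherwise update it or flag a duplicate) together with the MITRE labelling, as an added example that is not code from the original story or from any product. Rules follow Sigma's `attack.tXXXX` tag convention; the observations and the pre-existing rule are constructed sample data.

```python
import re
import uuid
from datetime import date

TECH_TAG = re.compile(r"^attack\.t\d{4}(\.\d{3})?$")  # Sigma technique tag, e.g. attack.t1059.001


def technique_tag(technique_id: str) -> str:
    """Map a MITRE technique ID such as 'T1059.001' to Sigma's 'attack.t1059.001' tag."""
    return "attack." + technique_id.lower()


def build_rule(technique_id: str, name: str, logsource: dict, detection: dict) -> dict:
    """Build a Sigma rule (as a dict, ready for YAML serialisation) labelled with the technique."""
    return {
        "title": f"Emulated activity: {name} ({technique_id})",
        # deterministic id per technique so re-runs produce the same rule id (hypothetical namespace)
        "id": str(uuid.uuid5(uuid.NAMESPACE_URL, f"emulation/{technique_id}")),
        "status": "experimental",
        "date": date.today().isoformat(),
        "logsource": logsource,
        "detection": {**detection, "condition": "selection"},
        "tags": [technique_tag(technique_id)],
        "level": "medium",
    }


def reconcile(observations: list, existing_rules: list):
    """Return (created, updated_ids, duplicate_ids); existing rules are updated in place."""
    by_tag = {t: r for r in existing_rules for t in r.get("tags", []) if TECH_TAG.match(t)}
    created, updated, duplicates = [], [], []
    for obs in observations:
        candidate = build_rule(obs["technique_id"], obs["name"], obs["logsource"], obs["detection"])
        current = by_tag.get(candidate["tags"][0])
        if current is None:                      # criterion 1: no rule for this technique yet
            created.append(candidate)
            by_tag[candidate["tags"][0]] = candidate
        elif (current["logsource"], current["detection"]) == (candidate["logsource"], candidate["detection"]):
            duplicates.append(current["id"])     # criterion 2a: identical logic, flag as duplicate
        else:                                    # criterion 2b: same technique, new logic, update
            current["detection"] = candidate["detection"]
            current["modified"] = date.today().isoformat()
            updated.append(current["id"])
    return created, updated, duplicates


# Constructed sample data: two techniques seen during an emulation, one rule already present.
WIN_PROC = {"category": "process_creation", "product": "windows"}
OBSERVATIONS = [
    {"technique_id": "T1059.001", "name": "PowerShell", "logsource": WIN_PROC,
     "detection": {"selection": {"Image|endswith": "\\powershell.exe", "CommandLine|contains": "-EncodedCommand"}}},
    {"technique_id": "T1053.005", "name": "Scheduled Task", "logsource": WIN_PROC,
     "detection": {"selection": {"Image|endswith": "\\schtasks.exe", "CommandLine|contains": "/create"}}},
]
EXISTING = [build_rule("T1059.001", "PowerShell", WIN_PROC, {"selection": {"Image|endswith": "\\powershell.exe"}})]

if __name__ == "__main__":
    print(reconcile(OBSERVATIONS, EXISTING))
```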