Rules Catalog Review 📒

After several months of work, we have completely reviewed our XDR Rules Catalog, which now holds almost 600 verified detection rules! Last year we initiated the very long process of reviewing every single rule within our XDR Rules Catalog in order to:

  • rewrite the detection patterns from STIX to Sigma
  • test and replay every attack needed to validate a rule
  • strengthen our continuous integration process for each rule, with the original related log events and syntax checking (details on this process in an upcoming blog post)
  • improve the metadata related to the rules (related threats, data sources, and tags on which you can now filter)
  • globally improve detection quality

This review has allowed us to greatly improve the quality of our Rules Catalog and drastically reduce false positives. This will of course remain a permanent effort, alongside the creation of new rules, while always sticking to our goal of limiting false positives without sacrificing detection quality.

What do you think about this update?