2022-07-29 03:49 AM
Hello community,
We have been working for 1 year with the SIEM part of NetWitness. Now we have integrated the EDR part.
I am facing a problem: how do you create your EDR use cases?
After some internet research I can't find anything very relevant.
I guess there are several steps like:
1. Follow the news
2. Trying to reproduce the attack scenarios at home
3. ...
But do you have the basics? Any cookbooks?
I am interested in any information!
Thank you,