We have been working for 1 year with the SIEM part of NetWitness. Now we have integrated the EDR part.
I am facing a problem: how do you create your EDR use cases?
After some internet research I can't find anything very relevant.
I guess there are several steps like:
1. Follow the news
2. Try to reproduce the attack scenarios at home
3. ...
But do you have the basics? Some cookbooks? I am interested in any information!
Thank you,