A breakdown of the UDEF in steps

  1. Data and Posture Baseline Lifecycle (DPBL)
     • a. Understand the environment
     • b. Understand the data
     • c. Baseline the data
     • d. Baseline defensive posture
     • e. Baseline industry threat coverage
     • f. Hunt for outliers and unknown threats

  2. Research and Capability Development Scoping (RCDS)
     • a. Coverage
     • b. Prevalence
     • c. Urgency
     • d. Capability
     • e. Influence
     • f. Constraints

  3. Detection Capability Development Lifecycle (DCDL)
     • a. Research
        • i. Threat Research Lifecycle (TRL)
           1. Motivation
           2. Contemplation
           3. Collaboration
           4. Observation
           5. Identification
           6. Accumulation
           7. Preservation
           8. Cultivation
     • b. Capability development and testing
     • c. Release | activate
     • d. Monitor | triage
     • e. Tune or deprecate
     • f. Hunt for known threats

  4. Detection Engineering as Code (DEaC)
     • a. Detections as code
     • b. Operationalize telemetry and metrics