Earlier this week, I published a piece in SecurityWeek entitled “Throw Out The Default Rule Set” (http://www.securityweek.com/throw-out-default-rule-set). The piece discusses the benefits of discarding the default rule set that ships with many alerting and SIEM technologies and taking a different approach entirely. The approach described in the piece starts by identifying the risks and threats to the business and uses those to build a set of use cases unique to the specific organization. Those use cases then drive a rule set that is better suited to the organization running it than any vendor default could be. Ultimately, if done correctly, this approach results in far fewer false positives, far less noise, and a much higher signal-to-noise ratio. If this concept intrigues you, I’d urge you to have a look.