Evidence Description
Record showing a SIEM rule, detection query, alert condition, or correlation rule updated because of relevant threat intelligence.
What This Evidence Proves
This proves that threat intelligence influences monitoring and detection activities.
Related Controls
Related Risks
Source System
SIEM
Collection Method
SIEM content export, change ticket, rule repository commit, or detection engineering record.
Review Process
Reviewed monthly and after major ransomware advisories.
Audit Notes
Strong evidence links the rule update to the threat source, affected asset, approval, and deployment date.
- Evidence
- Audit
- Threat intelligence
Note Metadata
Aliases: EVID-0003
Source: 07-Evidence-Library/EVID-0003-SIEM-Rule-Update.md
Graph-sourced resources
Templates and evidence
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.