Framework Core

Framework Core

The Framework Core delineates a suite of activities designed to accomplish specific cybersecurity objectives, supplemented by illustrative examples to guide their implementation.

Functions, Goals, Guidelines

There are set of functions, goals and guidelines for each phase from the detection lifecycle. Functions, goals, guidelines help the detection engineer to have north star focus and deliver a detection with exceptional quality.


Similarly to python functions those are single goal activities that return or drive particular outcome. {{Example}}


Every function aims to deliver defined and desired result. Though goals may be high-level and occasionally abstract, establishing a direct correlation between functions and goals is strongly recommended.


Guidelines serve as adaptable reference materials aiding in the attainment of goals within any given function. For instance, a document detailing a company’s unique Change Management process would qualify as a guideline.


The Core encompasses three primary lifecycle phases:

These phases collectively chronicle the lifespan of a detection mechanism, from its conception to its eventual retirement/decommissioning.