1 | | -# Annual Roadmap Review |
| 1 | +# Annual Detection Engineering Roadmap Review |
2 | 2 |
|
3 | | -Review strategic progress, remaining gaps, and next-year objectives. |
| 3 | +## Purpose |
| 4 | + |
| 5 | +This document provides a structured annual review of the detection engineering roadmap, program progress, major accomplishments, remaining gaps, and strategic priorities for the next planning cycle. |
| 6 | + |
| 7 | +The goal is to evaluate how effectively the program progressed against its roadmap and to identify where focus, investment, or structural changes are needed next. |
| 8 | + |
| 9 | +--- |
| 10 | + |
| 11 | +## Review Period |
| 12 | + |
| 13 | +**Year:** |
| 14 | +**Prepared By:** |
| 15 | +**Review Date:** |
| 16 | + |
| 17 | +--- |
| 18 | + |
| 19 | +## Executive Summary |
| 20 | + |
| 21 | +Provide a concise summary of the year’s detection engineering progress. |
| 22 | + |
| 23 | +Suggested topics: |
| 24 | +- major milestones completed |
| 25 | +- program structure improvements |
| 26 | +- detection content growth |
| 27 | +- governance and reporting maturity |
| 28 | +- major constraints or risks |
| 29 | +- strategic priorities for next year |
| 30 | + |
| 31 | +--- |
| 32 | + |
| 33 | +## Roadmap Status Overview |
| 34 | + |
| 35 | +Summarize progress against each roadmap phase or objective. |
| 36 | + |
| 37 | +Example format: |
| 38 | +- Phase 1 — Foundation: complete |
| 39 | +- Phase 2 — Content Standardization: in progress |
| 40 | +- Phase 3 — Validation Framework: partially started |
| 41 | +- Phase 4 — Coverage Expansion: in progress |
| 42 | +- Phase 5 — Workflow Maturity: planned |
| 43 | +- Phase 6 — Automation and CI/CD: planned |
| 44 | +- Phase 7 — Reporting and Maturity Management: in progress |
| 45 | +- Phase 8 — Multi-Platform Expansion: future |
| 46 | + |
| 47 | +--- |
| 48 | + |
| 49 | +## Major Accomplishments |
| 50 | + |
| 51 | +List key achievements during the year. |
| 52 | + |
| 53 | +Examples: |
| 54 | +- repository structure established |
| 55 | +- executive proposal completed |
| 56 | +- program charter and strategy documents added |
| 57 | +- governance documents created |
| 58 | +- starter detections developed across ATT&CK tactics |
| 59 | +- tracking matrix implemented |
| 60 | +- triage guides introduced |
| 61 | +- reporting templates built |
| 62 | +- visuals created for strategy and reporting use |
| 63 | + |
| 64 | +--- |
| 65 | + |
| 66 | +## Detection Content Progress |
| 67 | + |
| 68 | +Summarize the state of detection content. |
| 69 | + |
| 70 | +Suggested areas: |
| 71 | +- total detections in repository |
| 72 | +- detections added this year |
| 73 | +- detections updated this year |
| 74 | +- detections by lifecycle |
| 75 | +- detections by tactic |
| 76 | +- normalization or schema consistency progress |
| 77 | +- triage guide coverage progress |
| 78 | + |
| 79 | +--- |
| 80 | + |
| 81 | +## Governance and Documentation Progress |
| 82 | + |
| 83 | +Summarize maturity in: |
| 84 | +- mission, scope, and operating model |
| 85 | +- lifecycle management |
| 86 | +- change control |
| 87 | +- exception management |
| 88 | +- data source catalog |
| 89 | +- metrics catalog |
| 90 | +- reporting readiness |
| 91 | +- contribution model clarity |
| 92 | + |
| 93 | +--- |
| 94 | + |
| 95 | +## Coverage Progress |
| 96 | + |
| 97 | +Describe progress in: |
| 98 | +- ATT&CK coverage expansion |
| 99 | +- identification of major gaps |
| 100 | +- tactic areas strengthened |
| 101 | +- telemetry-supported use case growth |
| 102 | +- remaining coverage weak points |
| 103 | + |
| 104 | +Optional supporting artifacts: |
| 105 | +- coverage matrix |
| 106 | +- visuals |
| 107 | +- tracking summaries |
| 108 | +- gap analysis |
| 109 | + |
| 110 | +--- |
| 111 | + |
| 112 | +## Risks and Constraints |
| 113 | + |
| 114 | +Document major program challenges. |
| 115 | + |
| 116 | +Examples: |
| 117 | +- incomplete telemetry coverage |
| 118 | +- uneven metadata quality |
| 119 | +- limited validation maturity |
| 120 | +- insufficient ownership assignment |
| 121 | +- competing priorities |
| 122 | +- backlog growth |
| 123 | +- lack of automation support |
| 124 | +- cross-platform expansion not yet started |
| 125 | + |
| 126 | +--- |
| 127 | + |
| 128 | +## Maturity Assessment |
| 129 | + |
| 130 | +Summarize the program’s current maturity using the detection engineering maturity model. |
| 131 | + |
| 132 | +Suggested areas to comment on: |
| 133 | +- strategy maturity |
| 134 | +- governance maturity |
| 135 | +- content maturity |
| 136 | +- operational readiness |
| 137 | +- reporting maturity |
| 138 | +- automation readiness |
| 139 | + |
| 140 | +Example: |
| 141 | +- current assessed maturity level |
| 142 | +- major traits supporting that level |
| 143 | +- major gaps preventing the next level |
| 144 | + |
| 145 | +--- |
| 146 | + |
| 147 | +## Lessons Learned |
| 148 | + |
| 149 | +Capture the most important lessons from the year. |
| 150 | + |
| 151 | +Examples: |
| 152 | +- what helped accelerate progress |
| 153 | +- what slowed program maturity |
| 154 | +- where structure mattered most |
| 155 | +- where documentation prevented confusion |
| 156 | +- where future workflow improvements are needed |
| 157 | + |
| 158 | +--- |
| 159 | + |
| 160 | +## Priority Objectives for Next Year |
| 161 | + |
| 162 | +List the most important goals for the next annual period. |
| 163 | + |
| 164 | +Examples: |
| 165 | +- finish content standardization |
| 166 | +- improve lifecycle discipline |
| 167 | +- expand validation structure |
| 168 | +- strengthen ATT&CK gap closure planning |
| 169 | +- improve metrics reporting cadence |
| 170 | +- introduce GitHub Actions quality checks |
| 171 | +- begin Splunk-aligned expansion |
| 172 | + |
| 173 | +--- |
| 174 | + |
| 175 | +## Leadership Support Needed |
| 176 | + |
| 177 | +Document decisions or support needed from leadership or stakeholders. |
| 178 | + |
| 179 | +Examples: |
| 180 | +- telemetry onboarding support |
| 181 | +- program prioritization |
| 182 | +- staffing or ownership clarity |
| 183 | +- tooling support |
| 184 | +- validation environment needs |
| 185 | +- automation support |
| 186 | + |
| 187 | +--- |
| 188 | + |
| 189 | +## Recommended Next-Year Focus Areas |
| 190 | + |
| 191 | +Suggested categories: |
| 192 | +- strategic maturity |
| 193 | +- reporting maturity |
| 194 | +- content quality |
| 195 | +- validation readiness |
| 196 | +- roadmap execution |
| 197 | +- cross-platform planning |
| 198 | + |
| 199 | +--- |
| 200 | + |
| 201 | +## Appendix |
| 202 | + |
| 203 | +Optional supporting materials: |
| 204 | +- metrics summary |
| 205 | +- coverage matrix snapshot |
| 206 | +- visuals |
| 207 | +- quarterly review highlights |
| 208 | +- backlog summary |
| 209 | +- documentation completion summary |
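Review bot: the status vocabulary in the Roadmap Status Overview example mixes five undefined labels (complete, in progress, partially started, planned, future), so two people filling this template for the same year could classify the same phase differently and the statuses cannot be compared across annual reviews; define a fixed status set with one-line meanings in that section, or point to the governance document that defines it, and use the same set in the Priority Objectives section. Two smaller points in the same file: the Maturity Assessment section tells the author to use "the detection engineering maturity model" without naming or linking the document that defines its levels, and the Risks and Constraints examples record problems with no field for an owner or planned mitigation, which the later Leadership Support Needed section then has to reconstruct from scratch.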