I tried to create a "Threat Detection Framework" which can map the following parameters:
1- The "Kill Chain" concept
2- Your use cases integrated into the SIEM
3- Your data sources, which are supposed to generate the relevant logs.
I will also shortly share the challenges, advantages and disadvantages.
Please share your views if any.
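One way to make the three-way mapping concrete is to model it as data and then query it for gaps: a kill chain phase with no use case, and a use case that exists on paper but cannot fire because one of its data sources is not yet sending logs. The script below is an added illustration, not the poster's framework or any vendor's code; the use case names, the data source labels and the onboarding status are all constructed, and only the seven kill chain phases are the standard Lockheed Martin ones.

```python
from dataclasses import dataclass

# The seven phases of the Lockheed Martin Cyber Kill Chain, in order.
KILL_CHAIN = (
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
)


@dataclass(frozen=True)
class UseCase:
    name: str                    # SIEM rule / use case name
    phase: str                   # kill chain phase the rule is meant to detect
    required_sources: frozenset  # log sources the rule cannot fire without


# Constructed sample inventory (hypothetical, not taken from any real SIEM).
USE_CASES = (
    UseCase("External port scan", "Reconnaissance", frozenset({"firewall"})),
    UseCase("Phishing attachment delivered", "Delivery", frozenset({"email_gateway"})),
    UseCase("Office app spawns shell", "Exploitation", frozenset({"edr"})),
    UseCase("New service installed", "Installation", frozenset({"windows_security", "sysmon"})),
    UseCase("Beaconing to rare domain", "Command and Control", frozenset({"proxy", "dns"})),
    UseCase("Bulk upload to external host", "Actions on Objectives", frozenset({"proxy", "netflow"})),
)

# Constructed: data sources that are currently delivering logs to the SIEM.
ONBOARDED = frozenset({"firewall", "email_gateway", "edr", "windows_security", "proxy", "dns"})


def validate(use_cases=USE_CASES):
    """Reject any use case tagged with a phase that is not in the kill chain."""
    bad = [uc.name for uc in use_cases if uc.phase not in KILL_CHAIN]
    if bad:
        raise ValueError(f"use cases with unknown kill chain phase: {bad}")
    return True


def missing_sources(use_case, onboarded=ONBOARDED):
    """Data sources a use case needs but the SIEM is not receiving."""
    return frozenset(use_case.required_sources - onboarded)


def blocked_use_cases(use_cases=USE_CASES, onboarded=ONBOARDED):
    """Use cases that exist on paper but cannot fire: {name: [missing sources]}."""
    return {
        uc.name: sorted(missing_sources(uc, onboarded))
        for uc in use_cases
        if missing_sources(uc, onboarded)
    }


def coverage(use_cases=USE_CASES, onboarded=ONBOARDED):
    """Phase -> sorted names of use cases whose data sources are all onboarded."""
    validate(use_cases)
    result = {phase: [] for phase in KILL_CHAIN}
    for uc in use_cases:
        if not missing_sources(uc, onboarded):
            result[uc.phase].append(uc.name)
    return {phase: sorted(names) for phase, names in result.items()}


def uncovered_phases(use_cases=USE_CASES, onboarded=ONBOARDED):
    """Kill chain phases with no use case that can actually fire, in chain order."""
    cov = coverage(use_cases, onboarded)
    return [phase for phase in KILL_CHAIN if not cov[phase]]


if __name__ == "__main__":
    for phase, names in coverage().items():
        print(f"{phase:24} {', '.join(names) or '-'}")
    print("uncovered phases:", uncovered_phases())
    print("blocked use cases:", blocked_use_cases())
```

The useful output is the two gap lists: `uncovered_phases()` tells you where the chain has no working detection at all (here Weaponization, which rarely has a direct log source, plus the phases whose rules are blocked), and `blocked_use_cases()` tells you which log onboarding would unblock the most rules. Re-running with an extended `onboarded` set (for example adding `sysmon`) shows the Installation phase move from uncovered to covered, which is the kind of before/after a data-source onboarding request can be justified with.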