Agile Development

https://opstune.com/2017/10/15/siem-use-cases-development-workflow-agile-all-the-things/

'Detection is Hard' and 'How to Make Threat Detection Better?' by the great Anton Chuvakin of Google Cloud Security

https://medium.com/anton-on-security/why-is-threat-detection-hard-42aa479a197f

https://medium.com/anton-on-security/how-to-make-threat-detection-better-c38f1758b842

Two terrific twitter threads from Chris Sanders and Jon Hencinski

https://twitter.com/chrissanders88/status/1456982558890250245

https://twitter.com/jhencinski/status/1456974938712121347

The Defender’s Mindset

https://medium.com/@johnlatwc/defenders-mindset-319854d10aaa

This work by Desiree Sacher-Boldewin's on use cases is well worth reading

https://github.com/d3sre/Use_Case_Applicability

https://github.com/d3sre/Use_Case_Applicability/blob/master/UseCaseApplicability-Paper.pdf

Useful guide with some helpful links

https://blueteamblog.com/siem-use-case-writing-guide

Palantir's approach

https://blog.palantir.com/alerting-and-detection-strategy-framework-52dc33722df2