Use Case Thinking
Agile Development
https://opstune.com/2017/10/15/siem-use-cases-development-workflow-agile-all-the-things/
'Detection is Hard' and 'How to Make Threat Detection Better?' by the great Anton Chuvakin of Google Cloud Security
https://medium.com/anton-on-security/why-is-threat-detection-hard-42aa479a197f
https://medium.com/anton-on-security/how-to-make-threat-detection-better-c38f1758b842
Two terrific Twitter threads from Chris Sanders and Jon Hencinski
https://twitter.com/chrissanders88/status/1456982558890250245
https://twitter.com/jhencinski/status/1456974938712121347
The Defender’s Mindset
https://medium.com/@johnlatwc/defenders-mindset-319854d10aaa
This work by Desiree Sacher-Boldewin on use cases is well worth reading
https://github.com/d3sre/Use_Case_Applicability
https://github.com/d3sre/Use_Case_Applicability/blob/master/UseCaseApplicability-Paper.pdf
Useful guide with some helpful links
https://blueteamblog.com/siem-use-case-writing-guide
Palantir's approach
https://blog.palantir.com/alerting-and-detection-strategy-framework-52dc33722df2