I'm not sure where to post this or where to look, but at Focus last month, Terry Stuart mentioned a use case guide that would be posted soon. Is it out and I'm missing it or is it still being worked on?
There has been a rough sample tracker posted in the Twin Cities ESM User group space, not sure exactly what you're looking for, but it might help.
We have not completed the document yet. We have a rough draft and its being reviewed with the SIEM ETS org. Its a bit of a long doc,some 70 pages, so its taking a bit longer than I would expect. My goal it to get something published within the next few weeks. We also think about a separate communities page for SIEM use cases with this being the start point.
Thank you for checking on it.
Actually it's pretty straight forward. For reference, check out some of the content packs. They are based on the USE-CASE based deployment implementation methodology. You may use those as your initial frame-work.
Or here is a random one, the documenmt itself is a USEcase