Advancing Cyber Threat Detection through SIEM-Based Automation and MITRE ATT&CK Aligned Analytics: A Systematic Review
AMARACHI FRANCA MGBEMELE *
Department of Computer Information System, Prairie View A&M, TX 77446, United States.
*Author to whom correspondence should be addressed.
Abstract
Background: The growing sophistication, scale, and persistence of cyber threats have exposed the limitations of traditional signature-based security monitoring systems. In response, modern Security Information and Event Management (SIEM) platforms increasingly integrate automation, machine learning, and structured threat intelligence frameworks, most notably the MITRE ATT&CK framework, to enable behavior-driven, proactive threat detection and response.
Objective: This systematic review examines the effectiveness of SIEM-based automation aligned with MITRE ATT&CK analytics, with the objectives of evaluating detection performance, identifying operational and implementation challenges, and synthesizing emerging trends and policy-relevant implications for contemporary cybersecurity operations.
Methods: A comprehensive literature review was conducted across IEEE Xplore, ACM Digital Library, ScienceDirect, Google Scholar, and specialized cybersecurity repositories, covering studies published between 2018 and 2024. A total of 127 peer-reviewed studies meeting predefined inclusion criteria were analyzed, focusing on SIEM automation, ATT&CK-aligned detection engineering, and empirically reported security outcomes.
Results: The reviewed evidence demonstrates that SIEM platforms integrated with MITRE ATT&CK-aligned analytics achieve substantial performance gains compared with traditional approaches. Reported improvements include a 40–65% increase in threat detection accuracy, a 35–55% reduction in false positive rates, and a 50–70% decrease in mean time to detect (MTTD). Automation supported by machine learning, user and entity behavior analytics (UEBA), and SOAR-enabled workflows significantly enhances the identification of advanced persistent threats, zero-day exploits, and multi-stage attack campaigns. However, persistent challenges related to data quality, alert fatigue, skills shortages, model drift, and implementation complexity remain barriers to widespread adoption.
Conclusions: SIEM-based automation aligned with the MITRE ATT&CK framework provides a robust and scalable foundation for modern, threat-informed cyber defense, offering measurable improvements in detection accuracy, operational efficiency, and analyst productivity. While technological advances continue to drive progress, effective adoption depends on strong data foundations, workforce development, and continuous refinement of detection engineering practices. Future research and practice are expected to focus on deeper integration with extended detection and response (XDR) platforms, AI-assisted detection engineering, and policy-driven cyber resilience strategies to address evolving threat landscapes.
Keywords: SIEM, MITRE ATT&CK, cybersecurity automation, threat detection, security analytics, intrusion detection