Building off the earlier post arguing that some techniques should only be detected opportunistically, and the principles of yielded techniques established there, some techniques are impractical to detect organization-by-organization. Instead, detection and validation should be outsourced to vendors (EDR, A/V, email security appliances, etc.) or shared research efforts, and implemented with minimal per-organization effort.
As an example of how to automate the acquisition of these rules, Sigma rule packs for the core rule set could be automatically downloaded, run once against log content (to determine rule hit counts), and enabled only if the hit counts are beneath a threshold in that organization’s environment. Rules not meeting this criterion can be safely ignored, as they are likely not worth the human effort to make them sufficiently quiet to be useful.
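The hit-count triage step described above, as an added example that is not code from the original post: rules are modelled as Sigma-shaped dicts (only the `selection` / `selection and not filter` conditions and the `contains`/`endswith` modifiers are implemented), and the rule pack and log events are constructed for illustration.

```python
"""Hit-count triage for a downloaded rule pack (added example, not the post's code).
Rules are Sigma-style dicts; only 'selection' / 'selection and not filter' with the
contains/endswith modifiers are implemented. Rules and events are constructed."""
import fnmatch

def _field_matches(event, key, expected):
    """Match one selection entry 'field|modifier': value-or-list (case-insensitive)."""
    field, _, mod = key.partition("|")
    actual = str(event.get(field, "")).lower()
    for value in (expected if isinstance(expected, list) else [expected]):
        value = str(value).lower()
        if (mod == "contains" and value in actual) or \
           (mod == "endswith" and actual.endswith(value)) or \
           (mod == "" and fnmatch.fnmatch(actual, value)):
            return True
    return False

def _block_matches(event, block):
    return all(_field_matches(event, k, v) for k, v in block.items())

def rule_hits(rule, events):
    """Run one rule once over the log sample and return its hit count."""
    det = rule["detection"]
    return sum(1 for ev in events if _block_matches(ev, det["selection"])
               and not ("filter" in det and _block_matches(ev, det["filter"])))

def triage_rule_pack(rules, events, threshold):
    """Enable only rules whose hit count on local logs is at or below threshold."""
    counts = {r["title"]: rule_hits(r, events) for r in rules}
    return {title: n for title, n in counts.items() if n <= threshold}

# Constructed rule pack (Sigma-shaped) and constructed Sysmon-like process events.
SAMPLE_RULES = [
    {"title": "Any PowerShell Execution",
     "detection": {"selection": {"Image|endswith": "\\powershell.exe"}}},
    {"title": "Encoded PowerShell Command",
     "detection": {"selection": {"Image|endswith": "\\powershell.exe",
                                 "CommandLine|contains": ["-enc", "-EncodedCommand"]}}},
    {"title": "Whoami Execution",
     "detection": {"selection": {"Image|endswith": "\\whoami.exe"},
                   "filter": {"ParentImage|endswith": "\\cmd.exe"}}},
]
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = (
    [{"Image": _PS, "CommandLine": "powershell.exe -File C:\\ops\\backup.ps1"}] * 6
    + [{"Image": _PS, "CommandLine": "powershell.exe -EncodedCommand PLACEHOLDER"}]
    + [{"Image": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami",
        "ParentImage": "C:\\Windows\\System32\\cmd.exe"}]
)
```

With a threshold of 3, the catch-all PowerShell rule (7 hits on the sample) stays disabled while the two quiet rules are enabled; in practice the sample would be a representative window of the organization's own logs.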
Another post includes pros and cons of buying or building a validation approach; both approaches could allow the acquisition of validation tests at scale for yielded techniques.
The inverse of this principle is that rules written for non-yielded techniques must be added thoughtfully (a la TIDE) and repeatedly validated to check for false negatives.