Detection Engineering
The field of detection engineering can be defined as a collection of processes that facilitate the detection of potential threats within an environment. The life cycle of these processes spans from gathering detection requirements and aggregating system telemetry, through implementing and maintaining detection logic, to validating program effectiveness. [1]
Or, in simple terms: detection engineering transforms information about threats into alerts.
Atlas
- Funnel of Fidelity & Detection Breadth and Depth
- Detection Development Lifecycle & Detection Template
- Detection Maturity Level Model & Threat Hunting Maturity Model
- Public Detection Rule Repos & Public Attack Simulation Repos
Awesome Tools & Lists
- REx & DETR
- EDR Telemetry Project
- Threat Intel Reports Overview
- Awesome Security lists for SOC/CERT/CTI
- Awesome Threat Detection and Hunting
- Awesome Detection Engineering
- Detection Engineering Pocket Guide
Relevant Note(s): Anti-Virus Evasion Techniques, Threat Hunting, Incident Response, Penetration Testing
[1] M. Roddie, J. Deyalsingh, and G. J. Katz, Practical Threat Detection Engineering: A Hands-on Guide to Planning, Developing, and Validating Detection Capabilities. Packt Publishing, 2023.