Detection Engineering (Detect)
"If you can't see it, you can't stop it."
Detection Engineering is the code behind the SOC. It covers writing logic that identifies malicious behavior, managing data ingestion strategies, and hunting for threats that evade automated tooling.
The Modern Shift
We are moving away from "Log everything to Splunk" toward Smart Pipelines and API-based detection.
Section Contents
- Modern Data Pipeline & Strategy: Optimizing security data using Pipelines, API detection, and Data Lakes.
- SIEM & Log Analysis: Centralizing logs for correlation and analysis.
- Threat Hunting: Proactive search for undiscovered threats.
- Writing Detection Rules (Sigma/YARA): Creating portable, shareable detection logic.