THM - Intro to Detection Engineering

Detection Engineering
Types of Detection

• Environment-based detection

  • Configuration detection
  • Modelling

• Threat-based detection

  • Indicator Detection
  • Threat Behavior detections

• Detection as Code

• Threat Modelling

  • Reactive
  • Proactive

• Baseline Creation - Security baselines

  • High-level
  • Technical

• Log Collection

  • Sysmon

• Rule Writing

  • SIEM System
  • Snort and Yara
  • Sigma

Detection Engineering Frameworks 1

• MITRE ATT&CK Framework
• Cyber Analytics Repository
• Pyramid of Pain
• Cyber Kill Chain
• Unified Kill Change

Detection Engineering Frameworks 2

• Alerting and Detection Strategies Framework
• Detection Maturity Level Model