On Detection: Tactical to Functional

Part 9: Perception vs. Conception. The concepts discussed in this post are related to those discussed in the 9th session of the DCP Live podcast. If you find this information interesting, I highly ...
Focus Threat Intel Capabilities at Detection Engineering (Part 4)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#4 in the series), we will start to talk about the ...
Build for Detection Engineering, and Alerting Will Improve (Part 3)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine ...
Detection Engineering and SOC Scalability Challenges (Part 2)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our second installment in the “Threats into Detections — The DNA of Detection ...
Reactive Progress and Tradecraft Innovation

Detection as Prediction. The overarching goal of a security operations program is to prevent or mitigate the impact of an attacker gaining unauthorized access to an IT environment. In service of this mission, ...
Detection Engineering is Painful — and It Shouldn’t Be (Part 1)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our first installment in ...
On Detection: From Tactical to Functional

In his 1931 paper “A Non-Aristotelian System and Its Necessity for Rigour in Mathematics and Physics,” mathematician Alfred Korzybski introduced an idea that many today find helpful when dealing with complex systems ...
Beyond Procedures: Digging into the Function Call Stack

Within the cybersecurity industry, many of us have a natural inclination towards digging into technical concepts and understanding what is going on under the hood. Or, if you are like me, you ...
SIEM Content, False Positives and Engineering (Or Not) Security

As we learned, SIEM still matters in 2023 (Debating SIEM in 2023, Part 1; Debating SIEM in 2023, Part 2). But since one winter day in 2002, when I wrote my first correlation rule for a ...
Uncovering Windows Events

Threat Intelligence ETW. Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs. One provider that is commonly leveraged by vendors is the Threat-Intelligence ...