
Detection Engineering: Tools That Defend

Detection engineering: SIEM/SOAR, Sigma rules, threat detection, incident response automation, malware analysis and building defensive security pipelines.

10 articles | 256 min total reading time | Level: Advanced

Tags: Detection Engineering, SIEM, SOAR, threat detection, security

The articles in the series are the following:

  1. 00 - Detection Engineering as a Discipline: Scripts to Pipelines

     Introduction to modern detection engineering: evolution from isolated scripts to CI/CD pipelines for security rules.

  2. 01 - Sigma Rules: Universal Detection Logic & SIEM Conversion

     Writing Sigma rules for universal detection: YAML syntax, logsource mapping and automatic conversion for Splunk, Elastic and Sentinel.

  3. 02 - Detection-as-Code Pipeline with Git & CI/CD

     Implementing Detection-as-Code: version control for rules, CI/CD pipeline, automated testing and SIEM deployment.

  4. 03 - MITRE ATT&CK Integration: Mapping Coverage Gaps Programmatically

     Integrating MITRE ATT&CK into the workflow: automatic coverage mapping, gap identification and detection prioritization.

  5. 04 - Writing SOAR Playbooks in Python: Incident Response Automation

     Writing SOAR playbooks in Python: incident response automation, enrichment, containment and action orchestration.

  6. 05 - Threat Intelligence Ingestion: Building a STIX/TAXII Processor

     Building a threat intelligence processor: STIX/TAXII feed ingestion, IOC parsing, enrichment and correlation.

  7. 06 - Behavioral Anomaly Detection: ML Models for Log Data

     ML models for behavioral anomaly detection on logs: feature engineering, isolation forest, autoencoder and baseline modeling.

  8. 07 - AI-Assisted Detection Generation: LLMs for Sigma Rule Authoring

     Using LLMs to generate Sigma rules: prompt engineering, automatic validation, testing and AI-assisted iteration.

  9. 08 - Alert Triage Automation: Reducing MTTD with Graph Analysis

     Alert triage automation with graph analysis: alert correlation, noise reduction, prioritization and MTTD reduction.

  10. 09 - Testing Detection Rules: Unit Testing for Security Logic

      Unit testing for detection rules: test framework, synthetic log generation, red team validation and coverage metrics.

Put your knowledge to the test!

Have you read all the articles? Check what you have learned with the series quiz.

Take the Quiz