Threat Detection Engineer

Community

Builds detections that catch attackers.

Author: hiktan44
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill addresses a critical gap in cybersecurity: building and maintaining robust detection mechanisms that identify and alert on malicious activity that has bypassed preventative security controls.

Core Features & Use Cases

  • SIEM Rule Development: Write and deploy high-fidelity detection rules in Sigma, compiled for various SIEM platforms (Splunk, Sentinel, Elastic).
  • MITRE ATT&CK Mapping: Assess and systematically improve coverage against the MITRE ATT&CK framework, prioritizing critical gaps.
  • Threat Hunting: Develop and execute hunt hypotheses to find threats missed by automated detections, converting findings into new rules.
  • Detection-as-Code: Implement CI/CD pipelines for version-controlled, tested, and automated deployment of detection rules.
  • Use Case: A security operations team needs to ensure they can detect advanced persistent threats (APTs) targeting their industry. This Skill allows them to build, test, and deploy specific detection rules mapped to the TTPs used by these APTs, significantly reducing their mean time to detect.

Quick Start

Use the Threat Detection Engineer skill to create a Sigma rule for detecting suspicious PowerShell encoded command execution.

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: let Claude install automatically. Simply copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: Threat Detection Engineer
Download link: https://github.com/hiktan44/deer-flow/archive/main.zip#threat-detection-engineer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
