Detection Engineering is optimizing the event funnel

Detection engineering has the goal of optimizing the event funnel, ultimately ensuring that the cybersecurity workforce does not waste its time on clutter and can focus on "actual" security events and incidents.

Detection engineering funnel

Detection Engineering is cyclic

Detection engineering is cyclic in nature. The output of the implementation leads to new objective setting and a new gap analysis. Good cyclic detection engineering will ultimately increase the security of your organization and hence also its business continuity.

Detection Engineering

1. Uncover the Detection objectives

We use the following three questions to guide the dialogue for detection engineering objective setting.

2. Document the Detection Requirements

Based on the objectives, we analyze and document the requirements for detection engineering: for example, identifying the available log sources, determining which logs or data sources you are missing, checking what logging level they run at, and ensuring that alert rules are created and attached to these sources.

3. Implement the Detection Engineering

This leads to the actual implementation, which you can do yourself or have us do. We are experts in Microsoft Sentinel and also have experience with five other large SIEM systems.

Did you know?

Our software product for Microsoft Sentinel has built-in detection engineering: a best-practice setup and alert rules that are easy to change based on a value matrix.


Perform a gap analysis

MITRE ATT&CK

Ensure that the SIEM is set up to detect what is relevant for you

At Seculyze, we will investigate your SIEM setup. For us, detection engineering starts with threat modelling. Here we use the MITRE ATT&CK framework to identify the threats that are relevant for your organization.
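The requirements step above (which log sources exist, which are missing, what logging level they have, and whether an alert rule is attached) and the ATT&CK-driven gap analysis can be expressed as one check over three inventories. The following is an added example, not Seculyze's code or product: it takes a constructed list of required ATT&CK techniques from threat modelling, a constructed rule inventory, and a constructed log-source inventory, and reports for every required technique why it is not detectable (no rule, rule disabled, source not onboarded, logging level too low). The source names are modelled on Microsoft Sentinel tables, but the data itself is made up.

```python
"""Detection coverage gap analysis (added example; all inventories are constructed)."""
from dataclasses import dataclass


@dataclass
class LogSource:
    name: str        # table / connector name as seen in the SIEM
    onboarded: bool  # is the connector actually delivering data?
    level: str       # "basic" or "verbose" logging level


@dataclass
class Rule:
    name: str
    technique: str       # ATT&CK technique id the rule is meant to detect
    sources: list        # log sources the rule queries
    enabled: bool = True
    min_level: str = "basic"  # lowest logging level at which the rule works


LEVELS = {"basic": 0, "verbose": 1}

# Constructed output of the threat-modelling step: techniques we must detect.
REQUIRED_TECHNIQUES = {"T1110", "T1059.001", "T1098", "T1114.003", "T1003"}

# Constructed log-source inventory. "OfficeActivity" is deliberately absent.
SOURCES = [
    LogSource("SecurityEvent", onboarded=True, level="basic"),
    LogSource("Syslog", onboarded=True, level="verbose"),
    LogSource("AzureActivity", onboarded=False, level="basic"),
]

# Constructed alert-rule inventory (names and mappings are hypothetical).
RULES = [
    Rule("Brute force logon", "T1110", ["SecurityEvent"]),
    Rule("PowerShell script block", "T1059.001", ["SecurityEvent"], min_level="verbose"),
    Rule("Role assignment change", "T1098", ["AzureActivity"]),
    Rule("Mailbox forwarding rule", "T1114.003", ["OfficeActivity"], enabled=False),
]


def gap_analysis(required, rules, sources):
    """Map each required technique to a list of reasons it is NOT covered.

    An empty list means at least one rule for that technique is enabled and
    every log source it needs is onboarded at a sufficient logging level.
    """
    by_name = {s.name: s for s in sources}
    result = {}
    for tech in sorted(required):
        candidates = [r for r in rules if r.technique == tech]
        if not candidates:
            result[tech] = ["no alert rule"]
            continue
        reasons = []
        for rule in candidates:
            problems = []
            if not rule.enabled:
                problems.append(f"rule '{rule.name}' disabled")
            for src in rule.sources:
                if src not in by_name or not by_name[src].onboarded:
                    problems.append(
                        f"rule '{rule.name}' needs log source '{src}' which is not onboarded")
                elif LEVELS[by_name[src].level] < LEVELS[rule.min_level]:
                    problems.append(
                        f"rule '{rule.name}' needs {rule.min_level} logging on '{src}' "
                        f"(has {by_name[src].level})")
            if not problems:
                reasons = []  # one working rule is enough to cover the technique
                break
            reasons.extend(problems)
        result[tech] = reasons
    return result


def covered(gaps):
    """Techniques with no remaining gap, sorted."""
    return sorted(t for t, reasons in gaps.items() if not reasons)


if __name__ == "__main__":
    gaps = gap_analysis(REQUIRED_TECHNIQUES, RULES, SOURCES)
    for tech, reasons in gaps.items():
        status = "COVERED" if not reasons else "GAP"
        print(f"{tech:10} {status}")
        for r in reasons:
            print(f"           - {r}")
    print(f"coverage: {len(covered(gaps))}/{len(gaps)} required techniques")
```

Each gap carries an actionable reason, which is what the requirements document needs: "onboard AzureActivity", "raise SecurityEvent to verbose", "enable the rule" or "write a rule" are distinct remediation items with different owners. Re-running the check after each change is the cyclic part of the process.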

Want to know more about Detection Engineering?

Contact

Kristian Jacobsen

CTO

+45 61792740

kristian@seculyze.com
