Glossary

Detection Engineering

Detection engineering builds the alarms for security threats - writing rules that catch bad guys while ignoring false alarms.

What is Detection Engineering?

Systematic approach to creating, testing, and maintaining security detection rules and logic.

Why Should You Care?

Poor detections miss attacks or generate noise. Detection engineering produces reliable, tuned detections.

Is your business exposed?

Real-World Example

Detection engineers develop and test a new rule for detecting LOLBAS techniques before deploying to production.

How to Protect Against Detection Engineering

  1. 1.

    Establish detection engineering practice

  2. 2.

    Create detection testing framework

Related Terms

Sigma, Siem, Threat Detection

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices