Module 1: Detection Program Foundations
Understand what detection engineering is, how to design a detection program, and how to use ATT&CK to prioritize what you build.
3 lessons, 2 hands-on labs
Lessons & Labs
Lesson 1.1 — The Detection Engineering Landscape
What detection engineering is, how it differs from alert tuning, and its role in modern SOC operations.
Lab 1.1 — ATT&CK Coverage Baseline
Use the ATT&CK Navigator to create an initial coverage heatmap, identify gaps, and prioritize detection development using threat intelligence.
Lesson 1.2 — Designing a Detection Program
Coverage goals, tool selection, team structure, maturity models.
Lab 1.2 — Detection Program Charter
Draft a detection program charter including scope, goals, tool inventory, team roles, and a 90-day roadmap.
Lesson 1.3 — Attack Modeling for Defenders
Using ATT&CK to prioritize what to detect, gap analysis, threat-informed detection.
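The gap analysis that Lab 1.1 and Lesson 1.3 describe (coverage heatmap, gap list, threat-informed priority) can be produced from two inputs: the techniques you already detect and the techniques your prioritized adversary groups are known to use. The script below is an added example, not course material or MITRE code. The group names, technique lists and the set of existing detections are constructed placeholders; in practice they come from CTI reports, the ATT&CK STIX data for groups relevant to your sector, and your detection inventory. The Navigator layer fields (`versions`, `domain`, `techniques`, `gradient`, `legendItems`) follow the layer file format the ATT&CK Navigator imports; the version numbers are assumptions and should be matched to the Navigator build you run.

```python
"""Threat-informed ATT&CK gap analysis with a Navigator layer as output.

Added example for Lab 1.1 / Lesson 1.3; all input data is constructed.
"""
import json
from collections import Counter

# Constructed sample: techniques the SOC already has a validated detection for.
EXISTING_DETECTIONS = {"T1059.001", "T1078", "T1566.001"}

# Constructed CTI input: prioritized adversary groups -> techniques they use.
# Group names are placeholders, not real threat actors.
CTI_GROUPS = {
    "GroupA": ["T1059.001", "T1566.001", "T1053.005", "T1003.001"],
    "GroupB": ["T1059.001", "T1566.001", "T1053.005", "T1021.001", "T1047"],
    "GroupC": ["T1059.001", "T1078", "T1003.001", "T1218.011"],
}


def technique_frequency(cti_groups):
    """Count how many prioritized groups use each technique (one vote per group)."""
    counts = Counter()
    for techniques in cti_groups.values():
        counts.update(set(techniques))  # a group listing a technique twice still counts once
    return dict(counts)


def gap_analysis(cti_groups, detections):
    """Uncovered techniques, highest number of groups first, then by technique ID."""
    freq = technique_frequency(cti_groups)
    gaps = [(tid, n) for tid, n in freq.items() if tid not in detections]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))


def coverage_summary(cti_groups, detections):
    """Plain technique coverage plus coverage weighted by how many groups use each technique."""
    freq = technique_frequency(cti_groups)
    covered = [tid for tid in freq if tid in detections]
    total_weight = sum(freq.values())
    covered_weight = sum(freq[tid] for tid in covered)
    return {
        "techniques_total": len(freq),
        "techniques_covered": len(covered),
        "weighted_coverage": covered_weight / total_weight if total_weight else 0.0,
    }


def build_navigator_layer(name, cti_groups, detections):
    """Build a Navigator layer dict: score is the group count for uncovered techniques, 0 if covered."""
    freq = technique_frequency(cti_groups)
    max_score = max(freq.values(), default=1)
    techniques = []
    for tid in sorted(freq):
        covered = tid in detections
        techniques.append({
            "techniqueID": tid,
            "score": 0 if covered else freq[tid],
            "comment": "covered" if covered else f"GAP: used by {freq[tid]} prioritized group(s)",
            "enabled": True,
        })
    return {
        "name": name,
        # Version fields are assumptions; match them to your Navigator build.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Threat-informed gaps: darker cells are uncovered techniques used by more groups",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": max_score},
        "legendItems": [
            {"label": "covered (score 0)", "color": "#ffffff"},
            {"label": f"gap, used by {max_score} group(s)", "color": "#ff6666"},
        ],
    }


if __name__ == "__main__":
    for tid, n in gap_analysis(CTI_GROUPS, EXISTING_DETECTIONS):
        print(f"{tid}\tno detection, used by {n} group(s)")
    print(coverage_summary(CTI_GROUPS, EXISTING_DETECTIONS))
    # Save the printed JSON as a .json file and open it in Navigator via "Open Existing Layer".
    print(json.dumps(build_navigator_layer("Gap baseline", CTI_GROUPS, EXISTING_DETECTIONS), indent=2))
```

The weighted coverage figure is the one to report to stakeholders: covering three of eight techniques sounds weak, but if those three are the ones most of your prioritized groups rely on, weighted coverage is higher, and the gap list tells you which technique to build next. Ties in the gap list are broken by technique ID only so the output is stable; in a real program you would break them by data-source availability or detection cost.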