Module 8: Capstone — Detection Portfolio
Measure coverage, communicate value to leadership, and build a professional detection engineering portfolio.
Tools:SigmaSuricata + EveBoxYARAWazuh
3
Lessons
2
Hands-on Labs
Lessons & Labs
Lesson 8.1 — Measuring Detection Coverage
ATT&CK heatmaps, coverage scores, gap prioritization, and tracking improvement over time.
Lab 8.1 — Generate an ATT&CK Coverage Map
Map all detections built throughout the course to ATT&CK techniques, generate a coverage heatmap, and identify remaining gaps with a prioritized remediation plan.
Lesson 8.2 — Communicating Detection Value
Executive dashboards, ROI metrics, risk reduction narratives, and stakeholder presentations.
Lab 8.2 — Capstone: Detection Engineering Portfolio
Compile your best Sigma, Suricata, and YARA rules into a professional portfolio with documentation, test results, coverage metrics, and an executive summary.
Lesson 8.3 — Building Your Detection Portfolio
Career artifact creation, showcasing skills, continuous improvement plans, and professional development.