home.social

#detections — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #detections, aggregated by home.social.

  1. ----------------

    🎯 Threat Intelligence
    ===================

    Opening — Executive summary
    This platform aggregates and indexes 8,756 community detection rules from six distinct sources and provides AI-driven coverage analysis mapped to the MITRE ATT&CK framework. The offering includes search, visualization, and AI-assisted analysis features aimed at revealing detection gaps against 172 mapped threat actors.

    Technical Details — Core capabilities
    • Detection Explorer: search and filter the full corpus of 8,756 detection rules with full rule content, ATT&CK mappings, and cross-references.
    • AI Chat: natural-language query interface for coverage questions such as “What’s our coverage against APT29?” with structured outputs.
    • Coverage Analysis: tactic-level heatmaps, technique gap analysis, and procedure-level breakdowns that show where detections do or do not exist.
    • Threat Actor Mapping: coverage assessment against a database of 172 MITRE ATT&CK threat actors.
    • Threat Report Analysis: submit threat advisories and receive extracted TTPs with ATT&CK mappings and gap identification.
    • ATT&CK Navigator: generate and export Navigator layers for sharing and operational review.

    Analysis — How it works conceptually
    The product links detection rule metadata and full rule content to ATT&CK tactic and technique identifiers, then applies automated coverage heuristics and AI models to surface where detection rules align with known TTPs and where procedural coverage is missing. The AI chat uses LLMs for natural-language mapping and structured answers; frontier models (e.g., Claude Sonnet 4.6, GPT-5.4, Codex, Opus) are available under the PRO tier or via BYOK.

    Use cases
    • Red/blue teams and detection engineers validating ATT&CK coverage and prioritizing rule development.
    • CTI teams mapping new threat reports to existing detections and identifying blind spots.
    • SOC managers exporting ATT&CK Navigator layers for compliance or reporting.

    Limitations & considerations
    • Coverage depends on the quality and recency of contributed detection rules and mappings.
    • AI-driven mappings may require human validation for high-confidence operational use.
    • Frontier-model features require PRO subscription or an external API key (BYOK).

    References & product notes
    Contains explicit counts (8,756 detections; 172 threat actors) and pricing tiers: free exploration with limited AI chats, PRO at $25/month or $250/year for unlimited frontier-model chats. #bookmark #MITRE #AI #detections #threatintel

    🔗 Source: detect.michaelhaag.org/

  2. "Kemi Badenoch said she is '100% confident' there will be no more senior Tory defections, following Robert Jenrick's sacking and decision to join Reform"

    Friday 16 January 2026 12:56, UK

    🤭

    #Badenoch
    #Detections
    #OneHundredPerCent

    news.sky.com/video/badenoch-10

  3. Yesterday I attended the #SOC #DetectionEngineering Crash Course with Hayden Covington by @Antisy_Training

    antisyphontraining.com/product

    A 5-hour workshop (1 hour of lab setup with the instructor available on Zoom and 4 hours of the workshop itself). Pay what you can, with pricing starting from $0. Course materials such as the setup guide and excellent lab instructions were delivered in advance, two days before the workshop.

    All you need for the workshop is just a web browser - we used a #MetaCTF Cloud Windows VM (credits provided by the instructor) and Elastic Security (free trial available for 14 days).
    Fun fact: I am testing #FreeBSD as my host OS and was able to do all of the labs in FreeBSD without any issues.

    The content was useful, a real crash course. We started with a Windows VM with Sysmon and an empty Elastic. After the course, we had Elastic Agent on the VM, logs in Elastic, a detection rule for @mitreattack Account Discovery: Local Account (T1087.001), and suppression of the alerts for a particular user. We also tested the detection with an Atomic Red Team test.

    Overall, it was a very good workshop and I am happy for the opportunity to attend it. The usage of "free" cloud infrastructure is inspiring; I will consider it during my next trainings for larger groups of students (instead of hosting all of the VMs in our cloud infrastructure) - this way, students can do a lot of things again after the training for a better understanding of the topic.

    #infosec #education #training #antisyphon #soc #siem #detections #blueteam

  4. Listening to the same old stuff in cybersec meetings today in July 2025 CE. Do y'all think anyone is ready for "hey your firewall, VPN gateway, (bastion host) is popped" network #detections? We could warm up with something classic, like @taosecurity 's _Extrusion Detection_ (2005) though the coverage in the "Bastion Book" _Building Internet Firewalls_ was great in *checks notes* 1995. 🤦🏻‍♀️🙇🏻‍♀️

  5. Great tool for working with Sigma rules and conversions to Splunk SPL, Elastic's EQL and much more. This should make Detection Engineering comfortable.

    #detectionengineering #blueteam #detections #infosec

    detection.studio/

  6. Incident Response and Threat Hunting:
    A comprehensive collection of Kusto Query Language (KQL) queries used in detection and threat hunting, focusing on Detections and Digital Forensics

    github.com/CodeByHarri/Inciden

    #dfir #incidentresponse #threathunting #KQL #detections

  7. #USA, Federal and State Veterinary Agencies Share Update on #HPAI #Detections in #Oregon Backyard #Farm, Including First #H5N1 Detections in #Swine

    Source: USDA, WASHINGTON, Oct. 30, 2024 – The U.S. Department of Agriculture (USDA) and Oregon state veterinary officials are investigating positive cases of H5N1 in a backyard farming operation in Oregon that has a mix of poultry and livestock, including swine. The Oregon Department of Agriculture announced on Friday, Oct.…

    etidioh.wordpress.com/2024/10/

  8. #USDA, #FDA and #CDC Share #Update on Highly Pathogenic Avian #Influenza #H5N1 virus #Detections in Dairy #Cattle, aphis.usda.gov/news/agency-ann

    Because of the limited information available about the #transmission of #HPAI in raw #milk, the FDA recommends that #industry does not manufacture or sell raw milk or raw/unpasteurized milk #cheese products made with milk from cows showing symptoms of illness, including those infected with avian influenza or exposed to those infected with avian influenza.

  9. Happy to be back after a brief holiday!

    This week I am going to be working on AD detections in ELK, cloud vulnerability stuff and more :D

    #security #AD #elk #detections #cloudvulnerabilities

  10. macOS patching, vulnerability scanning, RMM clean up, and end user 2FA clean up has been the name of the game lately.

    Next week will be a little more exciting. I am going to be starting to implement new detections and tools that I took notes on from Defcon!

    #security #macOS #vulnerabilitymanagement #RMM #2FA #detections #defcon

  11. Last night my co-authors and I turned in the final chapter's first draft for our book, Practical Detection Engineering: A hands-on guide to planning, developing, and validating threat detections. Still got a few rounds of technical reviews and copy edits but definitely a big milestone for us.

    When performing competitor analysis we found that despite the numerous amazing blog posts from industry experts, there wasn't a complete book focused solely on detection engineering, so hopefully we can fill that gap for the field! The book is scheduled to release in early August and is available for pre-order on Amazon now:
    amazon.com/Practical-Detection

    If you have a Packt subscription, it'll be in the eBook library too.

    Thanks in advance for anyone who decides to invest in our work and check it out!

    #detectionengineering #detections #threatdetection #threatintelligence #threatintel #infosec #engineering #cybersecurity #book #ebook #preorder

  12. Interested in #malwareanalysis, #reverseengineering & #threatintelligence? Want to get into understanding how/why certain malware acts the way it does?

    Tanisha L Turner ( @cybersecdiva on the birb site) will be leading a series of courses on lab setup, hardening your environment, & creating #detections for your own orgs to protect themselves from real malware threats. Real #malware will be analyzed in this course.
    Join us on #twitch on the 28th of June at 3:30pm Pacific!

    twitch.tv/brakesec/schedule?se