What is Threat Detection?

Threat detection is the practice of analyzing the entirety of a security ecosystem to identify any malicious activity that could compromise the network.

Threat detection requires both a human element, as well as a technical element. The human element includes security analysts who analyze trends, patterns in data, behaviors, and reports, as well as those who can determine if anomalous data indicates a potential threat or a false alarm. - Rapid7¹

Activities involved

Paraphrasing what Alex has written here², they are:

• Rapidly deploying detection controls

• Proactively identifying threats in the environment

• Identify new sources of data and threat detection opportunities

• Creating alerts, reports and or custom scripts to aide in detection

• Developing a continuous improvement workflow for new detection controls, quality assurance and or maintenance of said controls

• Enriching threat detection data with environmental specific and or threat intelligence data

Learning path

MITRE ATT&CK framework

Incident Response plan (organizational specific)

Detection Development Standards (organizational specific)

Trainings

• MITRE ATT&CK Framework learning path - AttackIQ
• SANS SEC511: Continuous Monitoring and Security Operations
• SANS SEC555: SIEM with Tactical Analysis
• SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
• Penetration Testing with Kali Linux (OSCP)

Reading resources

Basics

• Threat Hunting with Splunk: Part 1, Intro to Process Creation Logs
• Threat Hunting with Splunk: Part 2, Process Creation Log Analysis
• Threat Hunting with Splunk: Part 3, Getting Your Hands Dirty and Conclusion
• SPL Nuggests: Know your Admins - from EventLogs!
• SPL Nuggests: Visualizing RDP/TS Connections from EventLogs

Intermediate/Advanced

• Threat Detection Metrics: Exploring The True-Positive Spectrum
• It’s about time to change your correlation searches timing settings
• Should I date a model? Myths Busted!
• Introducing the Funnel of Fidelity
• Capability Abstraction
• Detection Spectrum
• Detection in Depth

Credits

• Photo by Franki Chamaki on Unsplash

---

1. https://www.rapid7.com/fundamentals/threat-detection/ ↩︎

2. https://ateixei.medium.com/diy-in-house-threat-detection-engineering-73643a0b06f ↩︎