___

# Tags

#threat-detection-engineering #threat-detection #unfinished

# Helpful Docs

- https://www.amazon.com/Practical-Threat-Detection-Engineering-hands/dp/1801076715/ref=sr_1_1?sr=8-1

# Notes

- Unified Kill Chain
	- Based on the older Lockheed Martin Cyber Kill Chain
	- **In**: the discovery phase
	- **Through**: maintaining access and escalating privileges
	- **Out**: tool staging and completion of the attack
	- ![[Pasted image 20240606225011.png]]
- ATT&CK stands for
	- Adversarial Tactics, Techniques, and Common Knowledge
- Pyramid of Pain
	- This diagram shows the indicators defenders use to analyze threat-actor behavior, ranked by how difficult it is for the threat actor to change each one
	- ![[Pasted image 20240612171006.png]]
- What is Threat Detection Engineering?
	- A set of processes that enable potential threats to be detected within an environment
	- An end-to-end lifecycle: collecting detection requirements, aggregating telemetry, implementing and maintaining detection logic, and validating the effectiveness of the program and its detections
	- ![[Pasted image 20240612180203.png]]
	- This is the threat detection engineering lifecycle
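Added example (not from the book or these notes) tying the Pyramid of Pain to the lifecycle's "validate" step: two detection rules run over constructed process-creation telemetry, and a one-byte rebuild of the same tool shows why a hash-level rule stops firing while a TTP-level rule (office application spawning an unexpected child) keeps firing. Rule names, the event fields, and the allowlist are assumptions for illustration.

```python
import hashlib

# Pyramid of Pain levels, bottom (trivial for an adversary to change) to top
# (costly to change). The index in this list is the "pain" a detection at
# that level inflicts when it fires.
PYRAMID = ["hash", "ip", "domain", "network_artifact", "tool", "ttp"]

OFFICE_APPS = {"winword.exe", "excel.exe"}
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe"}  # assumed allowlist of benign children

# Constructed tool bodies: the rebuilt one differs by a single byte, so its
# hash changes while its behaviour (being launched from Word) does not.
ORIGINAL_TOOL = b"constructed sample tool"
REBUILT_TOOL = ORIGINAL_TOOL + b"\x00"
KNOWN_BAD_HASH = hashlib.sha256(ORIGINAL_TOOL).hexdigest()

# Constructed process-creation telemetry (parent, child image, child hash).
EVENTS = [
    {"id": 1, "parent": "WINWORD.EXE", "image": "tool.exe",
     "sha256": hashlib.sha256(ORIGINAL_TOOL).hexdigest()},
    {"id": 2, "parent": "WINWORD.EXE", "image": "tool.exe",
     "sha256": hashlib.sha256(REBUILT_TOOL).hexdigest()},
    {"id": 3, "parent": "WINWORD.EXE", "image": "splwow64.exe",
     "sha256": hashlib.sha256(b"constructed benign helper").hexdigest()},
]

RULES = [
    {"name": "known-bad-hash", "level": "hash",
     "match": lambda e: e["sha256"] == KNOWN_BAD_HASH},
    {"name": "office-spawns-unexpected-child", "level": "ttp",
     "match": lambda e: (e["parent"].lower() in OFFICE_APPS
                         and e["image"].lower() not in EXPECTED_OFFICE_CHILDREN)},
]

def run_detections(events, rules):
    """Return {rule name: list of event ids the rule fired on}."""
    hits = {r["name"]: [] for r in rules}
    for e in events:
        for r in rules:
            if r["match"](e):
                hits[r["name"]].append(e["id"])
    return hits

def pain_level(rule):
    """Height of the rule's indicator on the pyramid (higher = harder to evade)."""
    return PYRAMID.index(rule["level"])

def validate(hits, expected):
    """Validation step of the lifecycle: events each rule was expected to catch but missed."""
    return {name: sorted(set(expected[name]) - set(hits[name])) for name in expected}

if __name__ == "__main__":
    result = run_detections(EVENTS, RULES)
    for r in RULES:
        print(f"{r['name']:<32} pain={pain_level(r)} hits={result[r['name']]}")
    print("missed:", validate(result, {r["name"]: [1, 2] for r in RULES}))
```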