All news with #detection engineering tag

Wed, November 19, 2025

Vulnerability-Informed Hunting: Nexus of Risk and Intel

🔎 Vulnerability-informed hunting transforms static vulnerability scans into dynamic intelligence by enriching CVE data with asset context, exploit activity and threat feeds. The article shows how mapping vulnerabilities to adversary behaviors (for example, Log4Shell, ProxyShell and Zerologon) lets teams run focused hunts that detect exploitation or reveal telemetry gaps. It advocates a continuous loop where hunts inform detection engineering, improving logging, SIEM content and overall resilience.
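The enrichment loop described above, as an added example that is not from the article: scan findings are joined with asset context (exposure, criticality) and exploit-activity intel, scored into a hunt plan, and each task is checked against the telemetry actually onboarded for that host so that a hunt that cannot run surfaces as a logging gap rather than a silent miss. All hosts, log-source names, weights and the CVE-to-behaviour mapping are constructed for illustration.

```python
"""Vulnerability-informed hunt planning (editor's example, not the article's code).

Joins scan findings with asset context and exploit-activity intel, ranks the
resulting hunts, and flags telemetry the hunt needs but the host does not ship.
"""
from dataclasses import dataclass

# Constructed sample data: a scanner export, an asset inventory and an
# exploit-activity feed keyed by CVE.  Hosts and weights are illustrative.
SCAN_FINDINGS = [
    {"host": "web-01", "cve": "CVE-2021-44228"},   # Log4Shell
    {"host": "mail-01", "cve": "CVE-2021-34473"},  # ProxyShell
    {"host": "dc-01", "cve": "CVE-2020-1472"},     # Zerologon
    {"host": "lab-07", "cve": "CVE-2021-44228"},
]
ASSETS = {
    "web-01": {"exposure": "internet", "criticality": 3},
    "mail-01": {"exposure": "internet", "criticality": 4},
    "dc-01": {"exposure": "internal", "criticality": 5},
    "lab-07": {"exposure": "lab", "criticality": 1},
}
EXPOSURE_WEIGHT = {"internet": 3, "internal": 2, "lab": 1}

# Exploit intel: known in-the-wild exploitation plus the adversary behaviour a
# successful exploit produces.  Technique labels are the editor's mapping.
EXPLOIT_INTEL = {
    "CVE-2021-44228": {"exploited": True, "technique": "T1190 exploit public-facing app; java spawning shell"},
    "CVE-2021-34473": {"exploited": True, "technique": "T1505.003 web shell written by w3wp.exe"},
    "CVE-2020-1472": {"exploited": True, "technique": "T1003.006 DCSync after Netlogon password reset"},
}
# Log sources a hunt for each CVE needs, and what each host actually ships (assumed).
REQUIRED_TELEMETRY = {
    "CVE-2021-44228": {"process_creation", "dns"},
    "CVE-2021-34473": {"iis_access", "file_creation"},
    "CVE-2020-1472": {"windows_security"},
}
ONBOARDED_TELEMETRY = {
    "web-01": {"process_creation"},
    "mail-01": {"iis_access", "file_creation"},
    "dc-01": {"windows_security"},
    "lab-07": set(),
}


@dataclass
class HuntTask:
    host: str
    cve: str
    score: int
    technique: str
    telemetry_gaps: list  # log sources the hunt needs but the host lacks


def build_hunt_plan(findings, assets, intel, required, onboarded):
    """Score each finding (criticality x exposure x exploit multiplier) and
    attach the behaviour to hunt for and any telemetry gap; highest score first."""
    tasks = []
    for f in findings:
        asset = assets[f["host"]]
        cve_intel = intel.get(f["cve"], {"exploited": False, "technique": "unmapped"})
        multiplier = 2 if cve_intel["exploited"] else 1
        score = asset["criticality"] * EXPOSURE_WEIGHT[asset["exposure"]] * multiplier
        gaps = sorted(required.get(f["cve"], set()) - onboarded.get(f["host"], set()))
        tasks.append(HuntTask(f["host"], f["cve"], score, cve_intel["technique"], gaps))
    return sorted(tasks, key=lambda t: t.score, reverse=True)


if __name__ == "__main__":
    for task in build_hunt_plan(SCAN_FINDINGS, ASSETS, EXPLOIT_INTEL,
                                REQUIRED_TELEMETRY, ONBOARDED_TELEMETRY):
        status = "GAP: onboard " + ", ".join(task.telemetry_gaps) if task.telemetry_gaps else "huntable"
        print(f"{task.score:3d} {task.host:8s} {task.cve:15s} {task.technique} [{status}]")
```

The gap list is the feedback into detection engineering the summary describes: a finding that scores high but cannot be hunted becomes a logging or SIEM-onboarding task rather than being dropped.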


Wed, November 12, 2025

Emerging Threats Center in Google Security Operations

🛡️ The Emerging Threats Center in Google Security Operations uses the Gemini detection-engineering agent to turn frontline intelligence from Mandiant, VirusTotal, and Google into actionable detections. It generates high-fidelity synthetic events, evaluates existing rule coverage, and drafts candidate detection rules for analyst review. The capability surfaces campaign-based IOC and detection matches across 12 months of telemetry to help teams rapidly determine exposure and validate their defensive posture.


Mon, September 29, 2025

AI Becomes Essential in SOCs as Alert Volumes Soar

🔍 Security leaders report a breaking point as daily alert volumes average 960 and large enterprises exceed 3,000, forcing teams to leave many incidents uninvestigated. A survey of 282 security leaders shows AI has moved from experiment to strategic priority, with 55% deploying AI copilots for triage, detection tuning, and threat hunting. Organizations cite data privacy, integration complexity, and explainability as primary barriers while projecting AI will handle roughly 60% of SOC workloads within three years. Prophet Security is highlighted as an agentic AI SOC platform that automates triage and accelerates investigations to reduce dwell time.


Fri, January 10, 2025

Turning Threat Research into Practical VirusTotal Detections

🔎 Detection engineering guidance for researchers and defenders. This post shows how VirusTotal can be used to hunt for recent, sandboxed samples and derive behavioral Sigma rules by combining targeted VT queries, sandbox logs (CAPE/Zenbox), and manual analysis. Using Lummac and VenomRAT examples, the team created experimental Sigma detections for process execution (more.com/vbc.exe) and suspicious .conf file creation to aid SOCs and hunting teams.
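To make the "behavioral Sigma rule" step concrete, here is an added example (editor's code, not the VirusTotal team's published rules) that evaluates two Sigma-shaped rules against constructed Sysmon-like events. The rules approximate the behaviours the summary names: vbc.exe launched from more.com (assumed here to be a parent/child relationship) and a .conf file dropped under a user's Roaming profile (the path is an assumption, as is the installer filter). The matcher implements only the Sigma subset these rules use: exact, endswith, startswith and contains modifiers, list values as OR, and conditions of the form `selection` or `selection and not filter`.

```python
"""Evaluate Sigma-style behavioural rules against Sysmon-like events.

Editor's example.  Rules approximate the behaviours in the summary and are not
the VirusTotal team's rules; events are constructed, not captured.
"""

RULES = [
    {
        "title": "vbc.exe spawned by more.com (Lumma-style, constructed)",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {
                "ParentImage|endswith": "\\more.com",  # assumed parent/child direction
                "Image|endswith": "\\vbc.exe",
            },
            "condition": "selection",
        },
    },
    {
        "title": ".conf dropped under Roaming by non-installer (constructed)",
        "logsource": {"category": "file_event", "product": "windows"},
        "detection": {
            "selection": {
                "TargetFilename|contains": "\\AppData\\Roaming\\",  # assumed drop location
                "TargetFilename|endswith": ".conf",
            },
            # Illustrative false-positive filter: legitimate installers writing .conf files.
            "filter": {"Image|endswith": ["\\msiexec.exe", "\\explorer.exe"]},
            "condition": "selection and not filter",
        },
    },
]

# Constructed Sysmon-like events (EventID 1 = process creation, 11 = file create).
EVENTS = [
    {"id": 1, "category": "process_creation", "product": "windows",
     "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "ParentImage": "C:\\Windows\\SysWOW64\\more.com"},
    {"id": 2, "category": "process_creation", "product": "windows",  # benign build: no alert
     "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "ParentImage": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe"},
    {"id": 3, "category": "file_event", "product": "windows",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Updater\\client.conf"},
    {"id": 4, "category": "file_event", "product": "windows",  # installer: suppressed by filter
     "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Vendor\\app.conf"},
]


def field_matches(event, key, expected):
    """One Sigma field test: 'Field|modifier'; list values are OR-ed; case-insensitive."""
    name, _, modifier = key.partition("|")
    actual = str(event.get(name, "")).lower()
    for candidate in (expected if isinstance(expected, list) else [expected]):
        cand = str(candidate).lower()
        if ((modifier == "" and actual == cand)
                or (modifier == "endswith" and actual.endswith(cand))
                or (modifier == "startswith" and actual.startswith(cand))
                or (modifier == "contains" and cand in actual)):
            return True
    return False


def block_matches(event, block):
    """A selection/filter block matches when every field in it matches (AND)."""
    return all(field_matches(event, k, v) for k, v in block.items())


def rule_matches(rule, event):
    """Check logsource, then a condition of the form 'sel' or 'sel and not f1 and not f2'."""
    ls = rule["logsource"]
    if ls.get("category") != event.get("category") or ls.get("product") != event.get("product"):
        return False
    det = rule["detection"]
    names = det["condition"].split(" and not ")
    if not block_matches(event, det[names[0]]):
        return False
    return not any(block_matches(event, det[n]) for n in names[1:])


def run_rules(events, rules):
    """Return (event id, rule title) for every rule that fires on every event."""
    return [(e["id"], r["title"]) for e in events for r in rules if rule_matches(r, e)]


if __name__ == "__main__":
    for event_id, title in run_rules(EVENTS, RULES):
        print(f"event {event_id}: {title}")
```

Event 2 shows why the parent matters: vbc.exe itself is a legitimate .NET compiler, so the rule keys on the unusual launcher rather than the binary. Event 4 shows the filter block suppressing an installer that writes a .conf file to the same location.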
