Master Detection Engineering

Learn to write better detections with AI-powered feedback and real-world scenarios

Train Like It's Production

Get real-time feedback on your detection rules from our AI coaching system

AI-Powered Feedback

Get instant, contextual feedback on your detection rules as you write them

Real-World Scenarios

Practice with actual attack patterns and evasion techniques

Progressive Learning

Start with basics and advance to complex detection engineering

Track Your Growth

Earn badges and credentials as you master detection engineering skills

detection_rule.yml
title: Suspicious PowerShell Execution
description: Detects PowerShell execution with encoded commands
status: experimental
detection:
  selection:
    EventID: 4688
    ProcessName: '*\powershell.exe'
    CommandLine: '*-enc*'
  condition: selection
THREAT DETECTION ADVISOR

Command Line Coverage

Consider also checking for "-encodedcommand" and "-e" variations to catch evasion attempts

Event ID Selection

Good choice using 4688 for process creation monitoring

Enhanced Detection

Try adding parent process checks to reduce false positives from legitimate PowerShell usage
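The advisor's two suggestions applied to the rule above, as an added example that is not the platform's own code: a Python check over constructed 4688 events that matches every spelling powershell.exe accepts for -EncodedCommand and suppresses a parent process from an assumed, hypothetical allow-list.

```python
"""Added example: the page's rule with the advisor's suggestions applied to 4688 events."""
import re
from typing import Optional

# Constructed allow-list of parent processes expected to launch encoded
# PowerShell in this hypothetical environment; tune per estate.
KNOWN_GOOD_PARENTS = {r"c:\program files\exampleagent\agent.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


def has_encoded_switch(command_line: str) -> bool:
    """True if any switch is a spelling PowerShell accepts for -EncodedCommand.

    powershell.exe resolves -e, -ec and any unambiguous prefix (-en, -enc, ...)
    to -EncodedCommand, so the rule's '*-enc*' glob misses the shorter forms.
    """
    for token in re.split(r"\s+", command_line.strip()):
        if len(token) < 2 or token[0] not in "-/":
            continue  # not a switch
        stem = token[1:].lower()
        if stem == "ec" or "encodedcommand".startswith(stem):
            return True
    return False


def evaluate(event: dict) -> Optional[dict]:
    """Return a finding for an encoded powershell.exe launch, else None."""
    if event.get("EventID") != 4688:
        return None
    if not event.get("NewProcessName", "").lower().endswith("\\powershell.exe"):
        return None
    if not has_encoded_switch(event.get("CommandLine", "")):
        return None
    parent = event.get("ParentProcessName", "").lower()
    if parent in KNOWN_GOOD_PARENTS:
        return None  # expected automation: suppressed to cut false positives
    return {"parent": parent, "command_line": event["CommandLine"]}


def ev(cmd: str, parent: str, image: str = PS) -> dict:
    """Build a minimal 4688-shaped event (constructed test data)."""
    return {"EventID": 4688, "NewProcessName": image,
            "CommandLine": cmd, "ParentProcessName": parent}


SAMPLE_EVENTS = [  # constructed events, not real telemetry
    ev("powershell.exe -nop -w hidden -e SQBFAFgA", r"C:\Office\WINWORD.EXE"),  # short switch: hit
    ev("powershell.exe -EncodedCommand SQBFAFgA", r"C:\Windows\explorer.exe"),  # long switch: hit
    ev("powershell.exe -enc SQBFAFgA", r"C:\Program Files\ExampleAgent\agent.exe"),  # allow-listed parent
    ev('powershell.exe -Command "Get-Item C:\\re-encoded.txt"', r"C:\Windows\explorer.exe"),  # '*-enc*' misfires
    ev("cmd.exe -e", r"C:\Windows\explorer.exe", image=r"C:\Windows\System32\cmd.exe"),  # not powershell
]


def run(events=SAMPLE_EVENTS) -> list:
    """Apply the rule to a batch of events and return the findings."""
    return [f for f in (evaluate(e) for e in events) if f is not None]
```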

Join the Detection Engineering Revolution

Be among the first to experience AI-powered detection engineering training. Early access members get exclusive benefits and help shape the future of the platform.

✨ Early access members get:
Free extended trial • Priority support • Influence on feature development

Early Access

Be first to try new features

Extended Trial

Get extra time to evaluate

Priority Support

Direct access to founders

Environmental Responsibility

Our love of tech comes at an environmental cost. We donate 1% of revenue to Ocean Conservation efforts as a small way to offset our impact.
