Hopefully not yours in particular, but if they do, let's try to remedy that.

This talk aims to help you learn about detection engineering, dive a bit into the current detection ecosystem and find some of the most common reasons why detections are doomed to fail from the deployment.

The talk is suited for everyone, from those who are just interested to learn about detection engineering is and what role it plays. You'll either learn something or disagree on something. Discussion furthers knowledge and not every piece of gained knowledge applies equally everywhere, context matters, especially in detection.

What is this talk not? Well, this is not a KQL masterclass. It's a talk that walks all the way from a level 100 introduction to the topic and sometimes skirt on the edges of level 300.

Demos included.