Stop Writing Rules. Start Engineering Detections!

In this video, we cover the full detection engineering lifecycle from first principles — past, present, and future — and where the discipline is heading in 2026. 📌 The evolution of detection: from the 1971 Creeper worm to modern EDR, Sigma, and YARA 📌 The 6-phase detection engineering lifecycle most SOC teams have never seen 📌 Why "write once, deploy everywhere" is a syntax promise — not an operational one 📌 Detection-as-Code: version control, CI/CD pipelines, peer review, and automated rollback 📌 Why the MGM breach was a detection engineering failure — and what it tells us about identity as the new attack surface 📌 AI-augmented vs agentic detection: what's real today, what's coming, and what AI cannot replace ✍️ Accompanying blog article: https://kravensecurity.com/detection-engineering-lifecycle/ =============================================== 💬 Join our Discord to carry on the conversation: https://discord.com/invite/gSMt5CRDdX 📹️ Check out our other videos: https://www.youtube.com/@adamgoss-kraven?sub_confirmation=1 🏫 Find more cyber threat intelligence, threat hunting, and custom tooling content at https://kravensecurity.com/ 💪 Book a coaching session today https://kravensecurity.com/services/ 00:00 Introduction 02:30 The EDR era 03:01 YARA & Sigma 03:44 The 6-phase detection engineering lifecycle 06:20 Rule writing vs detection engineering: there's a difference 06:48 Sigma rule walkthrough 07:37 Detection-as-Code 10:00 Case study: The MGM Resorts breach 11:05 Identity is the new attack surface 11:39 AI-augmented detection: what's real and shipping today 13:33 The future of detection engineering roles 14:00 Wrap-up & next steps