Building Thorough Detections via Detection Modeling

February 27, 2025

In this episode, Andrew VanVleet walks us through detection modeling with a Detection Data Model (DDM). We'll map out an attack technique and build a thorough detection strategy using Kerberoasting (T1558.003) – cracking a password hash using Kerberos service tickets – as an example. Then we'll employ the model to create the most thorough detection strategy we can. Crafting solid detections isn’t just about writing rules, it’s about understanding attack techniques inside and out, and you'll get a front-row seat.

Alex Hurtado

Detection Dispatch Host, Anvilogic

Andrew VanVleet

Technical Architect, Financial Services Firm

Additional Resources

Launch the Snowflake Lab

Anvilogic for Snowflake

Streamline Your Detection Engineering

Podcast

Episode 43: Building Thorough Detections via Detection Modeling

More Episodes

March 20, 2025

DECEIVE to Defend: AI-Powered Deception feat. Edna Jonsson

DECEIVE brings AI-powered honeypots directly into the hands of security teams, opening new possibilities for proactive threat intelligence and modern detection strategies.

Watch Now and Get the Giveaway

March 13, 2025

HEARTH the Community-Driven Threat Hunting Project feat. Lauren Proehl

Join Alex as she hosts Lauren Proehl (Director, Global Cyber Defense at a leading FSI & Founder of THOR Collective) for a discussion on HEARTH—a community-driven threat hunting GitHub repository that you’re going to want to fork as well as the importance of community intel-sharing.

Watch Now and Get the Giveaway

February 13, 2025

Understanding Detection Engineering and Why Teams Struggle With It

In this episode, we break down why Detection Engineering needs to shift from one-off alert building to a proactive, structured strategy.

Watch Now and Get the Giveaway