Building Thorough Detections via Detection Modeling

February 27, 2025

In this episode, Andrew VanVleet walks us through detection modeling with a Detection Data Model (DDM). We'll map out an attack technique and build a thorough detection strategy using Kerberoasting (T1558.003) – cracking a password hash using Kerberos service tickets – as an example. Then we'll employ the model to create the most thorough detection strategy we can. Crafting solid detections isn’t just about writing rules, it’s about understanding attack techniques inside and out, and you'll get a front-row seat.

Alex Hurtado

Detection Dispatch Host, Anvilogic

Andrew VanVleet

Technical Architect, Financial Services Firm

Additional Resources

Launch the Snowflake Lab

Anvilogic for Snowflake

Streamline Your Detection Engineering

Podcast

Episode 43: Building Thorough Detections via Detection Modeling

More Episodes

April 24, 2025

The AI Series: Inside URL Guardian—An LLM Built for Detection

Mike Hart returns to walk through URL Guardian, our new LLM for malicious URL detection.

Watch Now and Get the Giveaway

April 10, 2025

The UEBA Illusion: Why Traditional UEBA Falls Short

In this episode, Kevin Gonzalez will pull back the curtain on User and Entity Behavior Analytics (UEBA), and expose the gap between its promises and real-world pitfalls.

Watch Now and Get the Giveaway

March 27, 2025

Machine Learning-Powered Threat Hunting feat. Sydney Marrone

Threat hunting is evolving, and machine learning is pushing the boundaries of what's possible. Alex Hurtado hosts Sydney Marrone—Principal Threat Hunter at Splunk and co-author of PEAK Threat Hunting—to explore how ML-driven techniques are transforming detection strategies.

Watch Now and Get the Giveaway