    Detection engineering

    Detection engineering is the practice of designing, building, and testing rules that identify malicious or anomalous behaviour. The Red Lantern simulator provides known attack patterns against which detection logic can be developed and validated without live traffic or production risk.

    Rules are designed and tested under conditions in which nothing can be damaged.

    • Generic detection patterns
    • Wazuh decoders
    • Writing Wazuh rules
    • Other SIEM platforms
    2026-05-29 21:59
    © Copyright 2026, TyMyrddin.