Overview of Threat Detection Engineering Project

Aug 31, 2024

Threat Detections Engineering 101 Project Overview

Introduction

  • Purpose of the video series: Overview of project scope, network topology, and personal career interests in cybersecurity.
  • Importance of project documentation for building a portfolio.
  • Platform used: GitHub for documentation and project management.

What is Threat Detection Engineering?

  • Definition: Managing the full lifecycle of threat detections, from writing a query through tuning it to retiring it.
  • Key Responsibilities:
    • Creating and managing the infrastructure in which detection queries are written, tested and deployed.
    • Maintaining detection templates as adversary techniques evolve.
  • Areas of Interest:
    • Infrastructure management (e.g., the SIEM and the logging pipeline feeding it)
    • The engineering and analyst perspective on deploying deliberately vulnerable environments to exercise detections.

Project Components

1. Network Topology

  • The network topology is busy; the walkthrough focuses on its key sections.
  • Centralized SIEM built on the ELK Stack (Elasticsearch, Logstash, Kibana).
  • ELK Stack hosted on a publicly accessible Ubuntu VPS for log aggregation and alerting. Because the host is reachable from the internet, access to Elasticsearch and Kibana should be restricted (firewall rules limited to known sources, TLS, and authentication) so that the SIEM itself does not become an exposed asset.

2. Detection Management

  • Use of GitHub for managing detection logic and lifecycle.
  • LLM-assisted quality control and syntax checking of detection templates, using various models (e.g., OpenAI) as a review step before a detection is merged.
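A model review is only as good as the deterministic checks that run beside it, so a detection-as-code repository usually has a linter in CI that fails the merge on structural mistakes. The script below is an added example, not code from the project described on this page. It assumes a hypothetical JSON template layout loosely modelled on Sigma (a title, a UUID id, an ATT&CK technique, a logsource, and a detection block of named selections plus a condition); the field names, the condition grammar it accepts (and/or/not and parentheses only) and the two sample rules are constructed for illustration.

```python
"""Detection-as-code quality gate: lint detection templates before merge.

Added example, not the project's own code. The template layout (title, id,
technique, logsource, detection with named selections plus a condition) is a
constructed, Sigma-like convention; adjust REQUIRED_FIELDS to your own schema.
"""
import json
import re
import uuid

REQUIRED_FIELDS = ("title", "id", "technique", "logsource", "detection")
# MITRE ATT&CK technique or sub-technique ID, e.g. T1110 or T1110.001
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")
# Tokens allowed in a condition besides selection names (assumed grammar).
CONDITION_KEYWORDS = {"and", "or", "not", "(", ")"}


def lint_rule(rule: dict) -> list[str]:
    """Return human-readable findings; an empty list means the rule passes."""
    findings = [f"missing required field: {f}" for f in REQUIRED_FIELDS if f not in rule]
    if findings:
        return findings  # the checks below need these fields to exist

    try:
        uuid.UUID(str(rule["id"]))
    except ValueError:
        findings.append(f"id is not a UUID: {rule['id']!r}")

    if not TECHNIQUE_RE.match(str(rule["technique"])):
        findings.append(f"technique is not an ATT&CK ID like T1110.001: {rule['technique']!r}")

    detection = rule["detection"]
    condition = detection.get("condition")
    if not isinstance(condition, str) or not condition.strip():
        findings.append("detection.condition is missing or empty")
        return findings

    selections = {k for k in detection if k != "condition"}
    if not selections:
        findings.append("detection defines no selections")

    # Tokenise the condition; every bare name must be a defined selection,
    # and every defined selection should actually be used.
    tokens = re.findall(r"\(|\)|[A-Za-z_][A-Za-z0-9_]*", condition)
    referenced = {t for t in tokens if t.lower() not in CONDITION_KEYWORDS}
    for name in sorted(referenced - selections):
        findings.append(f"condition references undefined selection: {name}")
    for name in sorted(selections - referenced):
        findings.append(f"selection defined but never used in condition: {name}")

    # Unbalanced parentheses would be rejected by the query compiler later;
    # catch them here so the failure is attributed to the rule, not the SIEM.
    depth = 0
    for t in tokens:
        depth += (t == "(") - (t == ")")
        if depth < 0:
            break
    if depth != 0:
        findings.append("unbalanced parentheses in condition")
    return findings


def lint_rules(rules: list[dict]) -> dict[str, list[str]]:
    """Lint every rule; maps each rule's title to its findings."""
    return {rule.get("title", f"rule[{i}]"): lint_rule(rule) for i, rule in enumerate(rules)}


# Constructed sample repository content: one clean rule and one with four defects.
SAMPLE_RULES = json.loads(r"""
[
  {
    "title": "SSH brute force against honeypot",
    "id": "3f9d9a1e-8b7e-4c1d-9a4d-2c5b1e7f0a11",
    "technique": "T1110.001",
    "logsource": {"product": "honeypot", "service": "ssh"},
    "detection": {
      "failed_login": {"event.action": "ssh_login", "event.outcome": "failure"},
      "condition": "failed_login"
    }
  },
  {
    "title": "Encoded PowerShell command line",
    "id": "not-a-uuid",
    "technique": "1059.001",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
      "encoded": {"process.command_line|contains": "-EncodedCommand"},
      "condition": "encoded and (not exclusion"
    }
  }
]
""")

if __name__ == "__main__":
    report = lint_rules(SAMPLE_RULES)
    for title, findings in report.items():
        print(f"[{'FAIL' if findings else 'PASS'}] {title}")
        for finding in findings:
            print(f"    - {finding}")
    raise SystemExit(1 if any(report.values()) else 0)  # non-zero exit fails the CI job
```

Run it as a pre-merge step (the non-zero exit status fails the pipeline) and hand only rules that pass to the model-based review; that keeps the LLM focused on logic and coverage rather than on typos it may or may not notice.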

3. Threat Detection Simulation

  • Technologies Used:
    • Isolated Detections Generator:
      • Self-hosted Windows VM running Red Canary's Atomic Red Team to execute adversary techniques mapped to MITRE ATT&CK and generate the telemetry that detections are developed against.
    • Honeypot Network:
      • Docker-based honeypots deployed on cloud instances to collect real-world attacker activity as threat intelligence.
      • Projects include SSH HoneyPot and RDP HoneyPot.
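What the honeypots feed back into the SIEM is raw attacker activity, and the first detection most people write over SSH honeypot telemetry is a brute-force rule: a threshold of failed logins from one source within a sliding time window. The script below is an added example, not the project's own code. The NDJSON event shape (flat ECS-style field names such as source.ip and event.outcome) and the events themselves are constructed for illustration; a real honeypot's log format will differ and the field mapping must be adjusted.

```python
"""Sliding-window brute-force detection over SSH honeypot events.

Added example, not the project's own code. The event shape and the sample
lines in SAMPLE_NDJSON are constructed; IPs are from documentation ranges.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                   # failed logins from one source IP...
WINDOW = timedelta(minutes=2)   # ...within this window raise an alert

# Constructed honeypot log lines, deliberately out of order to show sorting.
SAMPLE_NDJSON = """
{"@timestamp": "2024-08-31T12:00:15Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "203.0.113.7", "user.name": "admin"}
{"@timestamp": "2024-08-31T12:00:00Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "203.0.113.7", "user.name": "root"}
{"@timestamp": "2024-08-31T12:00:10Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "198.51.100.3", "user.name": "root"}
{"@timestamp": "2024-08-31T12:00:30Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "203.0.113.7", "user.name": "root"}
{"@timestamp": "2024-08-31T12:00:45Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "203.0.113.7", "user.name": "pi"}
{"@timestamp": "2024-08-31T12:01:00Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "203.0.113.7", "user.name": "ubuntu"}
{"@timestamp": "2024-08-31T12:01:20Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "203.0.113.7", "user.name": "oracle"}
{"@timestamp": "2024-08-31T12:01:30Z", "event.action": "ssh_login", "event.outcome": "success", "source.ip": "203.0.113.7", "user.name": "root"}
{"@timestamp": "2024-08-31T12:09:00Z", "event.action": "ssh_login", "event.outcome": "failure", "source.ip": "198.51.100.3", "user.name": "admin"}
"""


def parse_events(ndjson: str) -> list[dict]:
    """Parse NDJSON lines, attach a datetime under '_ts', and sort by time."""
    events = []
    for line in ndjson.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["_ts"] = datetime.fromisoformat(ev["@timestamp"].replace("Z", "+00:00"))
        events.append(ev)
    events.sort(key=lambda e: e["_ts"])
    return events


def detect_bruteforce(events: list[dict], threshold: int = THRESHOLD,
                      window: timedelta = WINDOW) -> list[dict]:
    """Return one alert per source IP the first time it crosses the threshold.

    Only failed ssh_login events count; a later success from the same IP is
    ignored here (it would be its own, higher-severity detection).
    """
    recent: dict[str, deque] = defaultdict(deque)  # per-IP failures inside the window
    alerted: set[str] = set()
    alerts = []
    for ev in events:
        if ev.get("event.action") != "ssh_login" or ev.get("event.outcome") != "failure":
            continue
        ip = ev["source.ip"]
        q = recent[ip]
        q.append(ev)
        while q and ev["_ts"] - q[0]["_ts"] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)  # alert once per IP, not once per event past the threshold
            alerts.append({
                "source.ip": ip,
                "count": len(q),
                "usernames": sorted({e["user.name"] for e in q}),
                "first": q[0]["@timestamp"],
                "last": ev["@timestamp"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_NDJSON)):
        print(json.dumps(alert))
```

The alert carries the usernames tried and the window boundaries, which is the part that becomes threat intelligence: the source IP is an indicator, and the username list shows which credentials the attacker expects to work. Tune THRESHOLD and WINDOW against the honeypot's real volume before moving the rule to production hosts, where the same logic will also catch legitimate users mistyping passwords.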

Log Collection

  • Use of Filebeat (Elastic's lightweight log shipper; Elastic Agent is the newer, separate alternative) to collect logs from the monitored hosts and forward them to the ELK Stack.

Conclusion

  • Focus on the thought process behind project development rather than just tool acquisition.
  • Plans for future video content: Specific topics within the project, not a step-by-step series.
  • Encouragement for feedback from viewers regarding interest in specific topics.

Key Takeaways

  • Importance of structuring and organizing cybersecurity projects.
  • Intersection of various skills in threat detection engineering.
  • Continuous learning and refining skills in cybersecurity fields.