SIEM Workflows

Detection Engineering Primer Lab

Translate a short incident narrative into detection ideas, test them against a log fixture, and document maintenance notes.

Duration: 24 hours over 3 weeks
Format: Cohort
Tuition (informational): ₩890,000

Tuition is informational on this static site. Operational agreements happen offline with your procurement team.

Inside the lab

Bridging SOC and detection engineering, you draft lightweight detection ideas, run them against provided fixtures, and log maintenance risks. The emphasis is on sustainable rules rather than brittle one-offs.

What you practice

  • Fixture runner with pass/fail hints
  • Maintenance note template
  • Pair review with a detection engineer persona card
  • Office hour on balancing noise vs coverage

Outcomes

  • Author a detection card with test cases
  • Explain expected false-positive patterns
  • List the owner and review cadence for the rule

Minseo Park

Returns for a focused, engineering-facing sprint that follows the triage courses.

FAQ

Programming required?

Helpful but not mandatory; exercises accept pseudocode and structured YAML-style ideas.

Will this get me hired as a DE?

It is a primer, not a career guarantee. You leave with portfolio artifacts and honest scope notes.

Noise expectations?

We discuss noisy telemetry explicitly; perfection is not the goal.

Experience notes

“Fixture runner made my test cases concrete. Maintenance notes are now part of our team template.”
Jordan · Managed service partner · 5/5 · internal feedback