Detection Engineering roadmap

Build, test, and tune detections as code: Sigma rules, ATT&CK coverage, and false-positive management. Move from SOC and log analysis into writing, testing, and version-controlling high-fidelity detections.

1 courses6 resourcesSOC analyst

Step-by-step path

Logs, telemetry, and the detection lifecycle
Write Sigma rules and map coverage to MITRE ATT&CK
Test detections with Atomic Red Team and manage rules as code
Build a portfolio artifact and publish a short writeup.

Starter stack

SigmaDetection-as-codeATT&CKSIEM

Free: SigmaHQ rules Free: Atomic Red Team

Best next resources

Detection Engineering with SigmaApplied Network Defense · Paid Atomic Red TeamRed Canary · Free Detection Engineering WeeklyNewsletter · Free DetectionLabGitHub · Free The DFIR ReportThe DFIR Report · Free Awesome Detection EngineeringGitHub · Free