Safeguard
Tag

detection-engineering

Safeguard articles tagged "detection-engineering" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Best Practices

Ransomware defense strategy for engineering teams

Ransomware hit 44% of breaches in Verizon's 2025 DBIR, up from 32% a year prior. Here's the backup, access, and detection playbook that actually stops it.

Jul 15, 20266 min read
Best Practices

Red team vs. blue team fundamentals: how to structure the exercise

MITRE ATT&CK went public in May 2015 to give red and blue teams a shared language — most organizations still run the two in total isolation.

Jul 12, 20266 min read
Best Practices

What is MITRE ATT&CK

MITRE ATT&CK catalogs real attacker behavior into 14 tactics and 200+ techniques. Here's how it works, how it differs from CVE/CWE, and how to use it.

Feb 13, 20267 min read
Incident Analysis

How to configure SIEM alerting rules

A step-by-step guide to configure SIEM alerting rules: from use case development through Splunk alert configuration to detection rule tuning.

Feb 9, 20268 min read
Frameworks

MITRE ATT&CK v18: Detection Strategies Replace Data Sources

ATT&CK v18 released October 28, 2025, replacing traditional Detections (Data Sources) with Detection Strategies and Analytics. Here is how the model changes for defenders.

Nov 4, 20257 min read
SecOps

True Positives vs False Positives in Cyber Security

A true positive is a real finding your tools caught correctly; a false positive is noise that looks like a finding but isn't — and the ratio between them decides whether your security program gets trusted or ignored.

Apr 14, 20256 min read
Industry Analysis

Panther SIEM Supply Chain Rules: A Detection Engineering Playbook

Write Panther Python detections that catch package poisoning, CI token abuse, and registry compromise. Real rule examples, tuning patterns, and alert routing.

Oct 18, 20247 min read
Industry Analysis

SentinelOne Supply Chain Detection Logic for Build Systems

How to extend SentinelOne's behavioral detection engine to cover build agents, package registries, and developer endpoints without drowning analysts in false positives.

Jul 22, 20247 min read
Industry Analysis

Splunk Supply Chain Detection Content Pack

A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.

Mar 28, 20247 min read
Security Operations

Security Observability and Telemetry: Seeing What Matters

Traditional security monitoring drowns you in alerts. Security observability flips the model — providing context-rich telemetry that makes threats visible without the noise.

Dec 8, 20235 min read
detection-engineering — Safeguard Blog