# Module 4 Overview

## Theme

Threat intelligence and enrichment

## Essential Question

How does external intelligence improve detection?

## Module Components

- `Book prose`: conceptual framing, domain scenario, methods, and failure modes
- `Assignment`: evidence-backed production of a specific artifact
- `Slides`: presentation sequence for seminar or lecture delivery
- `Narration`: spoken version of the slide flow
- `Instructor notes`: facilitation plan, discussion prompts, and grading cues
- `Rubric`: criteria for evaluating the module artifact
- `Notebook`: executable lab aligned with the module theme, built on synthetic security telemetry that includes login velocity, data transfer volume, process rarity, and threat labels

## Module Artifact

A detection engineering packet with a threat model, false-positive analysis, and triage workflow focused on threat intelligence and enrichment: design an enrichment workflow.

## Professional Setting

Students work as if advising a security operations center that is tuning AI-assisted detections before analyst rollout. Their work must be intelligible to a SOC analyst, a detection engineer, an incident commander, and a business system owner.
