Module 1: Security telemetry and threat models#
AINS6300 — AI in Threat Detection
Essential Question#
What signals reveal malicious behavior?
Scenario#
A security operations center tuning AI-assisted detections before rolling them out to analysts
Stakeholders: SOC analyst, detection engineer, incident commander, and business system owner
Core Moves#
Define the decision boundary
Compare baseline and alternative
Interpret evidence and assumptions
Identify failure modes
Recommend next action
Lab & Assignment#
Map telemetry to threat hypotheses.
Artifact: a detection engineering packet containing a threat model, a false-positive analysis, and a triage workflow, built around the mapping from telemetry to threat hypotheses.
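One way to walk the Core Moves for this lab in code, as an added example that is not part of the course material: a password-spray threat hypothesis is mapped onto constructed authentication telemetry, a baseline threshold rule is compared with a scored alternative, the decision boundary is chosen against an explicit false-positive budget, and borderline sources are surfaced as the failure modes to review before rollout. The source addresses, user names, ground-truth labels, score weights and helper names (`per_source_features`, `baseline_alerts`, `spray_scores`, `evaluate`, `choose_threshold`, `borderline`) are all invented for the exercise.

```python
"""Added example (not course material): baseline vs. scored detection for a
password-spray hypothesis over constructed authentication telemetry.
Source IPs, user names, labels and score weights are invented for the exercise."""
from collections import defaultdict

# Constructed telemetry: (source_ip, user, outcome) in arrival order.
EVENTS = (
    [("10.0.0.5", f"user{i}", "fail") for i in range(8)]       # spray, then a success
    + [("10.0.0.5", "user3", "success")]
    + [("10.0.0.9", "alice", "fail")] * 4                        # one user mistyping
    + [("10.0.0.9", "alice", "success")]
    + [("10.0.0.7", "svc-build", "fail")] * 12                   # stale CI credential
    + [("10.0.0.11", f"user{i}", "fail") for i in range(3)]      # low-and-slow spray
    + [("10.0.0.11", "user1", "success")]
    + [("10.0.0.2", "bob", "success")]                           # ordinary login
)
# Hand-assigned ground truth per source, as the lab packet would record it.
LABELS = {"10.0.0.5": True, "10.0.0.9": False, "10.0.0.7": False,
          "10.0.0.11": True, "10.0.0.2": False}


def per_source_features(events):
    """Aggregate raw events into the per-source features both detections reason over."""
    feats = defaultdict(lambda: {"fails": 0, "users_failed": set(), "success_after_fail": False})
    for src, user, outcome in events:
        f = feats[src]
        if outcome == "fail":
            f["fails"] += 1
            f["users_failed"].add(user)
        elif f["fails"] > 0:          # a success only counts once failures preceded it
            f["success_after_fail"] = True
    return feats


def baseline_alerts(events, min_fails=5):
    """Baseline rule: alert on any source with at least min_fails failed logins."""
    return {src for src, f in per_source_features(events).items() if f["fails"] >= min_fails}


def spray_scores(events):
    """Alternative: a score built from the hypothesis itself (many distinct users fail,
    then one succeeds). The weights are illustrative, not tuned on real data."""
    return {src: len(f["users_failed"]) + (3 if f["success_after_fail"] else 0)
            for src, f in per_source_features(events).items()}


def evaluate(alerts, labels):
    """False-positive analysis: confusion counts plus precision and recall."""
    tp = sum(1 for s in alerts if labels[s])
    fp = len(alerts) - tp
    fn = sum(1 for s, malicious in labels.items() if malicious and s not in alerts)
    precision = tp / (tp + fp) if alerts else 0.0
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall}


def choose_threshold(scores, labels, max_fp=0):
    """Decision boundary: the lowest threshold whose alert set stays within the FP budget.
    Returns None if even alerting only on the top score exceeds the budget."""
    for t in sorted(set(scores.values())):            # ascending: FP count can only fall
        alerts = {s for s, v in scores.items() if v >= t}
        if evaluate(alerts, labels)["fp"] <= max_fp:
            return t
    return None


def borderline(scores, threshold, margin=2):
    """Failure-mode check: sources whose score sits within `margin` of the boundary.
    A small change in behaviour or weights flips these between alert and silence."""
    return {s for s, v in scores.items() if abs(v - threshold) <= margin}


if __name__ == "__main__":
    base = baseline_alerts(EVENTS)
    print("baseline alerts:", sorted(base), evaluate(base, LABELS))
    scores = spray_scores(EVENTS)
    t = choose_threshold(scores, LABELS, max_fp=0)
    alt = {s for s, v in scores.items() if v >= t}
    print(f"scored alerts at threshold {t}:", sorted(alt), evaluate(alt, LABELS))
    print("borderline sources to review before rollout:", sorted(borderline(scores, t)))
```

On this constructed data the baseline rule fires on the stale service account and misses the low-and-slow spray (one false positive, one miss), while the scored alternative at the chosen boundary catches both attackers with no false positives. The borderline check is the part of the packet an analyst will care about: the mistyping user sits two points under the boundary and the slow spray sits exactly on it, so the recommended next action is to review those cases and the weight on `success_after_fail` before the detection reaches the queue, not to ship the threshold as-is.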