Module 4 Overview
Theme
Threat intelligence and enrichment
Essential Question
How does external intelligence improve detection?
Module Components
Book prose: conceptual framing, domain scenario, methods, and failure modes
Assignment: evidence-backed production of a specific artifact
Slides: presentation sequence for seminar or lecture delivery
Narration: spoken version of the slide flow
Instructor notes: facilitation plan, discussion prompts, and grading cues
Rubric: criteria for evaluating the module artifact
Notebook: executable lab aligned with the module theme, using synthetic security telemetry with login velocity, data transfer volume, process rarity, and threat labels
Module Artifact
Detection engineering packet with threat model, false-positive analysis, and triage workflow, focused on threat intelligence and enrichment: design an enrichment workflow.
Professional Setting
Students work as if advising a security operations center that is tuning AI-assisted detections before analyst rollout. Their work must be intelligible to SOC analysts, detection engineers, incident commanders, and business system owners.