Module 4: Threat intelligence and enrichment

AINS6300 — AI in Threat Detection

Essential Question

How does external intelligence improve detection?

Scenario

a security operations center tuning AI-assisted detections before analyst rollout

Stakeholders: SOC analyst, detection engineer, incident commander, and business system owner

Core Moves

• Define the decision boundary

• Compare baseline and alternative

• Interpret evidence and assumptions

• Identify failure modes

• Recommend next action

Lab & Assignment

Design an enrichment workflow.

Artifact: detection engineering packet with threat model, false-positive analysis, and triage workflow focused on threat intelligence and enrichment: Design an enrichment workflow.