Detection Engineering & Threat Hunting SIG

Mission

Security teams are constantly facing evolving threats, complex infrastructures, and an expanding set of detection tools. Many SOCs and CERTs are building Detection Engineering capabilities, but without a strong peer network, they often work in isolation, reinventing solutions to shared challenges. Similarly, Threat Hunting efforts uncover new attack techniques, but without structured collaboration, insights can be siloed rather than feeding back into detection improvements.

This interest group seeks to enhance Incident Response effectiveness by strengthening the upstream disciplines of Threat Hunting and Detection Engineering. Our goal is to create a global knowledge-sharing space that fosters:

Goals & Deliverables

To drive progress in Threat Hunting and Detection Engineering, this interest group will focus on developing standardized frameworks, shared knowledge, and collaborative best practices. Our key goals and deliverables include:

Meetings

Chairs

Mailing list

Any FIRST member may join; others are welcome as well. All requests to join must be approved by the SIG chairs.
