CODE BLUE 2026 Trainings

AI-Assisted Detection Engineering: Practical Blue Team Workflows with LLMs, Sigma, and MITRE ATT&CK (Tentative)

Artificial intelligence is rapidly changing how defenders build, test, and improve detection logic, but many organisations still struggle to move from hype to practical implementation. This hands-on training shows how security teams can use large language models and structured threat data to accelerate detection engineering without losing human oversight. Participants will work through realistic blue team workflows: translating threat intelligence into detection ideas, mapping activity to MITRE ATT&CK, drafting and refining Sigma rules, validating detection logic against example attack scenarios, and identifying where AI support is useful and where it becomes risky. The course emphasises human-in-the-loop decision-making, verification, and operational realism rather than blind trust in automated outputs. By the end of the training, participants will understand how to integrate AI into detection development in a controlled and defensible way, helping SOCs and incident response teams improve speed, consistency, and coverage.

Training Outline

  • Title

    AI-Assisted Detection Engineering: Practical Blue Team Workflows with LLMs, Sigma, and MITRE ATT&CK

  • Trainer

    CCDCOE Trainer

  • Language

    English

  • Date

    2026-11-13 9:00 - 18:30
    2026-11-14 9:00 - 18:30
    2026-11-15 9:00 - 18:30

  • Venue

    Bellesalle Shinjuku Grand Conference Center (5F)

  • Capacity

    TBA

  • Remarks

    Includes a 2-day conference ticket (November 17th to 18th, 2026) for training attendees

Training Application

Buying Ticket

  • Price

    TBA

  • Sales period

    Until November 8th

  • Sales status

    -

Training Detail

Who should take this course

  • Security practitioners responsible for SOC operations, threat hunting, and detection engineering

Student requirements

  • Basic understanding of SOC workflows, OS (Windows and Linux) logs, detection rule concepts, and MITRE ATT&CK fundamentals. Basic CLI usage is helpful, but not crucial.

What skills will participants learn at your training?

Participants will learn the following skills:

  • use AI tools to support detection engineering tasks
  • convert threat reports into detection ideas
  • map adversary behaviour to MITRE ATT&CK
  • create and refine Sigma rules
  • evaluate AI-generated security content critically
  • apply human validation to AI-assisted workflows
  • identify operational and security risks in AI-enabled detection pipelines

What students should bring

  • A laptop with a web browser and Wi-Fi connectivity.

What students will be provided with

  • TBA

CCDCOE Trainer