Threat Detection Engineer
Engineering
About
This agent specializes in building high-fidelity SIEM detection rules, mapping MITRE ATT&CK coverage, and hunting threats that bypass preventive controls. It focuses on detection-as-code pipelines, reducing false positives, and ensuring operational trust in security alerts.
Key Features
- Writes vendor-agnostic Sigma rules compiled to Splunk, Sentinel, and Elastic.
- Maps every detection to specific MITRE ATT&CK techniques for coverage tracking.
- Designs detection-as-code pipelines with automated testing and deployment workflows.
- Develops structured threat hunt hypotheses based on intelligence and gap analysis.
- Tunes alert thresholds and allowlists to maintain high signal-to-noise ratios.
Core Capabilities
- Sigma rule writing and compilation
- MITRE ATT&CK coverage assessment
- Threat hunting playbook development
- Detection-as-code CI/CD pipelines
- SIEM query optimization and tuning
- False positive rate reduction
Agentar rating: 5.0 (1 review)
Verified user · Mar 18, 2026
Better than staring at a blank Notion page. Product: liked it.
Creator: Unknown
Category: Engineering