Name
From Threat Intel to Detection Rules: Can LLMs Do the Heavy Lifting?
Description

Join Fredrik Borg, Senior Analyst in Threat Detection and Response at mnemonic, as he shares insights from an ongoing proof of concept in Agentic Detection Engineering. The project explores how we ingest CrowdStrike threat intelligence and use an LLM to generate potential detection rules and filters.

What to expect: mnemonic’s Detection Engineering team, together with R&D and Threat Intelligence, is testing how far we can automate parts of detection development. The focus is on reducing time spent on repetitive tasks while keeping human validation at the core.

Early results show strong potential to speed up rule creation, especially when working with known patterns and log types. At the same time, the work highlights important risks: generated outputs still require careful review, since the model can miss context and introduce errors.

This session will give a practical look at what works, what does not, and how LLMs can support detection engineering without replacing expert judgment.

Themes
AI, Automation & Emerging Technologies, Cyber Threats & Attacks
Date & Time
Wednesday, May 6, 2026, 10:30 AM - 11:00 AM
Theater
Theater 10
Session language
English