BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//CUAN3J
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-RNELAL@pretalx.com
DTSTART;TZID=CET:20260507T111500
DTEND;TZID=CET:20260507T120000
DESCRIPTION:Threat intelligence has matured significantly in the domain of 
 indicators of compromise (IOCs)\, with standardised formats and automated 
 sharing infrastructure. Yet when it comes to adversary behaviors - tactics
 \, techniques\, and procedures (TTPs)\, intelligence is still largely deli
 vered through unstructured reports\, PDFs\, and blog posts. This creates a
  persistent gap: while defenders receive rich insights\, they lack a syste
 matic way to translate those insights into actionable detection engineerin
 g outcomes. Measuring detection coverage remains difficult\, often reduced
  to basic ATT&CK matrix mappings that fail to capture the relational and t
 echnical nature of adversary behaviors. Meanwhile\, intelligence evolves f
 aster than most teams can analyse\, leaving detection engineers overwhelme
 d and without a standardised workflow to prioritise or model new threats.\
 n \nOpenTide (Open Threat Informed Detection Engineering\, an open source 
 framework developed at the European Commission CSOC) addresses this challe
 nge by introducing a structured\, top‑down intelligence‑to‑detection
  flow. At its core are Threat Vectors - an open construct for modeling TTP
 s at any level of granularity. Threat Vectors can be interrelated to form 
 attack graphs\, enabling defenders to build a dynamic and continuous cover
 age picture as new intelligence emerges.\n \nWithin OpenTide\, detection o
 bjectives and supporting rules are explicitly linked to Threat Vectors\, c
 reating a direct mapping from intelligence to detection logic. A normalise
 d schema ensures that unstructured intelligence can be ingested\, transfor
 med\, and operationalised consistently. Furthermore\, experimental integra
 tions with large language models (GenTide R&D Project) accelerate the crea
 tion of these objects\, demonstrating how automation can reduce the time f
 rom intelligence inputs to detection deployment.\n \nBy reframing how we m
 odel and consume TTP‑focused intelligence\, OpenTide provides a scalable
  path to actionable detection engineering. It enables defenders to move be
 yond static mappings\, measure coverage in context\, and continuously alig
 n detection priorities with the evolving threat landscape.\n \nOpenTide : 
 https://github.com/OpenTideHQ
DTSTAMP:20260412T011426Z
LOCATION:IFEN room 1\, Workshops and Detection Engineering village (Buildin
 g D)
SUMMARY:OpenTide: From Raw Intelligence to Structured Threat-Informed Detec
 tions - Remi Seguy
URL:https://pretalx.com/bsidesluxembourg-2026/talk/RNELAL/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-YV7DJA@pretalx.com
DTSTART;TZID=CET:20260508T133000
DTEND;TZID=CET:20260508T141000
DESCRIPTION:The purpose of this panel is to discuss where the participants
  see
  the still-young\, still-emergent discipline of Detection Engineering goin
 g.\n\nThe tools and know-how presented over the last 2 days in the village
  will be pitted against ideas from Diana (moderator) and the audience. \nT
 he panelists will try to explore together how the detection engineering la
 ndscape might evolve over the next few years\,
DTSTAMP:20260412T011426Z
LOCATION:IFEN room 1\, Workshops and Detection Engineering village (Buildin
 g D)
SUMMARY:Panel Discussion: The future of Detection Engineering - Diana Waith
 anji\, Ondrej Nekovar\, Remi Seguy\, Andrii Bezverkhyi
URL:https://pretalx.com/bsidesluxembourg-2026/talk/YV7DJA/
END:VEVENT
END:VCALENDAR
