Andrii Bezverkhyi
I am a successful entrepreneur with cyber security, hardware and AI as my hobbies and work specialties. I did my first blue team cyber gig in 2001 and founded SOC Prime in 2014 together with Alex and Ruslan, which we've built from a small rented apartment in Kyiv to a venture-backed, profitable company that operates across 4 continents, whose products and content are used by over 11,000 organisations. In the cyber domain I specialize in threat detection, Sigma rules, MITRE ATT&CK, detection engineering and cyber threat intelligence, with the goal of building better tools for people who work in the same niche. I consider my two most successful contributions to such community projects to be Uncoder and DetectFlow, both of which can be found on GitHub.
Sessions
We will discuss the practical use of open source tools for detection engineering built by the SOC Prime team, including DetectFlow and Uncoder, and how they combine with an open source data pipeline stack such as Kafka, Flink and Flink agent. The goal of DetectFlow is to elevate the role of Detection Engineers above the SIEM stack and to give us all the signals, context, threat intelligence and building blocks needed to fully design and operate Detection and Response workflows. The architecture of Detection Pipelines furthermore makes the work of Security Analysts curious and enjoyable again: it eliminates a large part of the routine work they did and focuses on the main thing humans do better than AI, understanding connections specific to the cyber domain and specific to your organization. Our approach equips people to address the tremendous complexity of the cyber domain, which now simply exceeds the knowledge that any single human can physically hold.
The purpose of this panel is to discuss where the participants see the still-young, still-emergent discipline of Detection Engineering going.
The tools and know-how presented over the last 2 days in the village will be pitted against ideas from Diana (moderator) and the audience.
The panelists will try to explore together how the detection engineering landscape might evolve over the next few years,