BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//RNELAL
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-RNELAL@pretalx.com
DTSTART;TZID=CET:20260507T111500
DTEND;TZID=CET:20260507T120000
DESCRIPTION:Threat intelligence has matured significantly in the domain of 
 indicators of compromise (IOCs)\, with standardised formats and automated 
 sharing infrastructure. Yet when it comes to adversary behaviors - tactics
 \, techniques\, and procedures (TTPs)\, intelligence is still largely deli
 vered through unstructured reports\, PDFs\, and blog posts. This creates a
  persistent gap: while defenders receive rich insights\, they lack a syste
 matic way to translate those insights into actionable detection engineerin
 g outcomes. Measuring detection coverage remains difficult\, often reduced
  to basic ATT&CK matrix mappings that fail to capture the relational and t
 echnical nature of adversary behaviors. Meanwhile\, intelligence evolves f
 aster than most teams can analyse\, leaving detection engineers overwhelme
 d and without a standardised workflow to prioritise or model new threats.\
 n \nOpenTide (Open Threat Informed Detection Engineering\, an open source 
 framework developed at the European Commission CSOC) addresses this challe
 nge by introducing a structured\, top‑down intelligence‑to‑detection
  flow. At its core are Threat Vectors - an open construct for modeling TTP
 s at any level of granularity. Threat Vectors can be interrelated to form 
 attack graphs\, enabling defenders to build a dynamic and continuous cover
 age picture as new intelligence emerges.\n \nWithin OpenTide\, detection o
 bjectives and supporting rules are explicitly linked to Threat Vectors\, c
 reating a direct mapping from intelligence to detection logic. A normalise
 d schema ensures that unstructured intelligence can be ingested\, transfor
 med\, and operationalised consistently. Furthermore\, experimental integra
 tions with large language models (GenTide R&D Project) accelerate the crea
 tion of these objects\, demonstrating how automation can reduce the time f
 rom intelligence inputs to detection deployment.\n \nBy reframing how we m
 odel and consume TTP‑focused intelligence\, OpenTide provides a scalable
  path to actionable detection engineering. It enables defenders to move be
 yond static mappings\, measure coverage in context\, and continuously alig
 n detection priorities with the evolving threat landscape.\n \nOpenTide:
  https://github.com/OpenTideHQ
DTSTAMP:20260412T024700Z
LOCATION:IFEN room 1\, Workshops and Detection Engineering village (Buildin
 g D)
SUMMARY:OpenTide: From Raw Intelligence to Structured Threat-Informed Detec
 tions - Remi Seguy
URL:https://pretalx.com/bsidesluxembourg-2026/talk/RNELAL/
END:VEVENT
END:VCALENDAR
