By popular demand, FalconForce is bringing its Advanced Defensive Engineering in the Enterprise training home!
For the past years, we hosted our ADE training at well-known security conferences (Black Hat, Insomnihack, NorthSec) and many private trainings for large corporates. This year, we will also provide the training as an independent event in September 2026 in Utrecht, the Netherlands.
Looking for an intense 4-day training to
- build solid detections that will catch threat actors that are evading out of the box detections
- gain a deep understanding of the full lifecycle management of detections and other detection components
- enhance the automation of incident handling and enrichment
Then please check out details of the training via the Tickettailor event website. You can buy tickets on this website as well. We have room for a maximum of 30 trainees, so full = full.
The facilitators look forward to meeting you in Utrecht!
Overview of the training’s contents:
Detection Engineering
- Research
- Development
- Deciding on the implementation type
- Scheduled detection
- Near real-time detection
- Threat hunting
Detection coverage/prioritization
- How to choose which detection(s) to build first.
- Risk × Likelihood × Detectability
- Knowing your environment
Detection lifecycle management
- Performance Optimization and Tuning
- Maintenance
- Deprecation
Log ingestion
- Deciding what logs to ingest, where to store it and how long to retain them
- How should they be processed
- Data completeness (ingestion gaps, latency, parsing errors)
EDR Internals
- How does the EDR collect its data
- Event Tracing for Windows
- Telemetry gap mitigation
Baseline development
- Baseline design
- Caveats
- Implementation options
KQL best practices and Graphs in detection and response
- Performance recommendations
- Query design principles
- KQL graph and OpenCypher
- Graphs for enrichment
- Attack path management
- Incident correlation
- Visualize attack paths in queries
Alert enrichments
- Enrichment strategies
- Entity enrichment
- Attack Paths
- Local contextual information (CMDB/IPAM)
- Entra ID / Active Directory
- Correlation strategies, making use of enrichments
- Risk-based scoring
Automation
- Investigation and response playbooks.
- Use agentic workflows (AI).
Dashboarding / Reporting
- Cost management
- Detection and data health overviews
- Performance metrics
- Tuning suggestions
Get educated
Other events
NorthSec 2026
[dsm_breadcrumbs show_home_icon="off" separator_icon="K||divi||400" admin_label="Supreme Breadcrumbs" _builder_version="4.18.0" _module_preset="default" items_font="||||||||" items_text_color="rgba(255,255,255,0.6)" custom_css_main_element="color:...
SO-CON 2026
[dsm_breadcrumbs show_home_icon="off" separator_icon="K||divi||400" admin_label="Supreme Breadcrumbs" _builder_version="4.18.0" _module_preset="default" items_font="||||||||" items_text_color="rgba(255,255,255,0.6)" custom_css_main_element="color:...
Yellowhat 2026
[dsm_breadcrumbs show_home_icon="off" separator_icon="K||divi||400" admin_label="Supreme Breadcrumbs" _builder_version="4.18.0" _module_preset="default" items_font="||||||||" items_text_color="rgba(255,255,255,0.6)" custom_css_main_element="color:...
FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
[email protected]
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01

