Blue teaming
Advanced Detection Content Services
We offer a way to save your team valuable time and provide you with advanced detection content, custom-made for you or taken from our repository of existing use-cases. The content is based on our constant research of adversarial techniques, our offensive and defensive engagements, and collaboration with our clients. FalconForce supports you in implementing and tuning the use-cases for your environment. This will enable your team to focus on what really matters: keeping your business secure.

Our detection content is focused on Microsoft Sentinel and the Microsoft Defender suite and is completely aligned with MITRE ATT&CK®. With access to our advanced use-cases, you boost the detection capabilities of Microsoft Sentinel and the Microsoft Defender suite. Our advanced detections go beyond the threats that, for instance, Microsoft Defender picks up out-of-the-box. The use-cases are provided in a format suited to your ingestion requirements. We currently offer YAML, Markdown and JSON formats out-of-the-box.
ADCS – booster package for in-house SOCs
Our offering to you: we commit ourselves to delivering a “booster package” of 10 or more use-cases from our current repository to your environment. You can use our premium use-cases to monitor your environment for advanced threats. Each booster package includes access to our advanced detection content including KQL query, meta-data and documentation. Our repository currently contains 350+ custom advanced detections. New content is added every month.
Our premium detection content includes per use-case:
- KQL query and meta-data.
- Use-case documentation.
- Implementation in your environment.
- One-time finetuning in your environment.
ADCS – subscription for in-house SOCs
Our offering to you: we commit ourselves to delivering 2 or more new use-cases each month to your environment. The content of the use-cases will be selected together. You can use our premium use-cases to monitor your environment for advanced threats. The subscription includes a steady stream of new (custom) advanced detection content including KQL query, meta-data and documentation, finetuning and maintenance.
Our premium detection content includes per use-case:
- KQL query and meta-data.
- Use-case documentation.
- Implementation in your environment.
- Finetuning in your environment.
- Use-case maintenance.
ADCS – subscription for MSSPs
Our offering to you as MSSP: we offer a ready-to-use Git repository with premium detection content in an agreed-upon format. You can leverage our entire set of detection content. We commit ourselves to adding new use-cases each month to our repository. Our premium use-cases can be used by you to monitor your customers’ environments for advanced threats.
The repository includes per use-case:
- KQL query and meta-data.
- Use-case documentation.
- Finetuning suggestions for deployment in your customers’ environments.
- Use-case maintenance.
Moreover, we share our toolkit to deploy use cases efficiently to your customers and will support setting up the integration of our repository into your environment.
“Our advanced detection content can greatly boost your threat detection capability!”

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01