Blue teaming
FalconForce Sentry Detect: Managed Detection Engineering

Our Sentry Detect offering includes a combination of advanced detection content, tools and support by FalconForce professionals. Sentry Detect will enable your team to use our advanced detection content, tuned to your environment. Our repository currently has over 500 premium, high-fidelity detections. Each detection includes:
- The KQL query.
- Extensive documentation with (technical) details of the detection focus and relevant attack, blind spots (if any), potential false positives, suggested response actions, related data sources, references to relevant MITRE ATT&CK Tactics / Techniques, change logs, filter variables, references to related FalconForce detections and materials that were used during the research.
- Implementation in your environment.
- Tuning in your environment.
- Minor and major version updates.
How we collaborate with you
During the onboarding process, we set up the detection-as-code pipelines in your environment. You can then select the advanced detections from our repository via our web portal. We are happy to advise you and together we can make a roadmap, based on relevant threats and your existing detection coverage (for example, using MITRE ATT&CK).
Once you have been onboarded, we will start delivering detection content into your environment and tuning it there. We continuously develop new advanced detections and add these to our repository – for you to choose from!
A risk-based scoring dashboard is implemented in Sentinel so you can analyze (series of) alerts based on your business's priorities.
We offer our Sentry Detect services in three models
Each model’s features are described in detail below. Each model will enable your team to use our advanced detection content, tuned to your environment.
Sentry Detect – Booster
Go fast. Aimed at organizations that want to deploy a set of detections from our current repository in a short timeframe. For example, to tackle known detection coverage gaps. One-time tuning by FalconForce professionals is included in a fixed-fee project.
Sentry Detect – Pro subscription
Get regular new detections. In this subscription model, we deliver up to 5 detections per month with the detection-as-code pipelines. Ongoing tuning and deployment of detections is included.
Sentry Detect – Enterprise subscription
Self-deploy our content in parallel with our support. This subscription allows your team unlimited (fair use) deployment of our content, while we also deliver up to 10 detections per month. This model includes use of the risk-based scoring dashboard.
The table below provides an overview of all features per Sentry Detect model:
“Our managed detection engineering service can greatly boost your threat detection capability!”

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01