How do you create new efficient, accurate, and resilient detection rules? There are a lot of steps to follow. This talk will take you through what I call Full Circle Detection. I’ll start with where to get hunting ideas and then to giving a turnkey alert for your Security Analysts using a real-world step by step example. In this talk the audience will see how a simple blog article (about an Outlook Persistence technique) can and should spark a whole chain of action from your security team.