Steve Cooper
blueteamsteve.bsky.social
Cyber security, detection engineering, threat intelligence, SecOps and automation AI/ML. Scottish.
Should a detection engineering team be expected to have detection engineering requirements similar to a cti team?

Would it add value or friction?
November 29, 2024 at 7:50 PM
What tools are people using for threat intelligence diagrams these days? Are there any cool AI diagramming tools out now?

I typically use draw io since it's free but I'm a lackluster designer so need all the help I can get!
November 29, 2024 at 11:53 AM
Fantastic write up. Some really interesting tradecraft and the definition of APT.

But also highlights some foundational detections all orgs should have around suspicious process locations, cred access, etc.

Even using sophisticated techniques most attackers still leave tracks!
November 22, 2024 at 8:33 PM
If you wanted to help someone go zero to hero as a detection engineer what resources would you suggest?
November 13, 2024 at 9:41 AM