In response to the increasingly complex and changing network threats, enterprise networks often exhibit high heterogeneity with diverse architectures, operating systems, and applications. This diversity challenges the application of a single detection logic. Detection Engineering has emerged as a crucial theme, enabling the design of flexible detection rules tailored to specific environments through systematic methods. By abstracting attack behaviors into characteristic patterns, this approach remains adaptable to rapid changes. This presentation explores the core concepts and practices of Detection Engineering, demonstrated with real-world cases. We'll also discuss using frameworks like MITRE ATT&CK to deconstruct and locate potential detection points in attack behaviors.