Abstract: Tactics, Techniques, and Procedures (TTPs) detection rules have long been built on expert knowledge and manual rule-crafting, which faces critical limitations in scalability, timeliness, and ...