Published inDetect FYIFrom Intelligence to Detection: A Workflow for Integrating CTI, IR, Hunting & Red TeamsIn 2017, a former software tester suggested that I should consider shipping detection content by following the SDLC, and it seemed like a…Nov 31Nov 31
Published inDetect FYIIs Security Analytics the key to High-Fidelity, Context-Rich Alerts?Turning massive security alerts stream into a few manageable, stats-annotated, scored, aggregated Alert Sessions.Oct 32Oct 32
Published inDetect FYISysmon: a viable alternative to EDR?I've been recently engaged in workshops with distinct clients from completely different industries/verticals and this is a recurring topic.Jul 49Jul 49
Published inCodeXData Science & Exploratory Data Analysis: the Panda versus the Pony!Exploratory data analysis sits at the core of any insightful data work. Performing log analysis in search for threats is no different.Jun 5Jun 5
Published inDetect FYIHow to prioritize a Detection Backlog?I started writing Medium stories in 2017 and the very first article was "How to rank Quick Wins", a fascinating topic that deserved another…May 137May 137
Published inDetect FYIWhat makes up a solid SIEM query?After writing and peer-reviewing numerous SIEM searches, here I share some tips to help others enhance their query-foo.Apr 231Apr 231
Published inDetect FYIAI-Powered SOC: it's the end of the Alert Fatigue as we know it?If you’ve ever worked in an enterprise SOC, you’ve probably heard it before:Apr 23Apr 23
Published inDetect FYIBoost your Security Monitoring reports with Sankey DiagramsThe Pie Chart is perhaps the most prevalent data visualization type seen in security reports out there. It's easy to implement and…Mar 18Mar 18
Published inDetect FYIUnsupervised Machine Learning with Splunk: the cluster commandIf you are in cyber for long, you should have probably heard this one:Feb 19Feb 19
Splunk ES Correlation Searches (Rules) Best & Cool PracticesThe following document is by far the top accessed resource from my solo business website. Since its first release in late 2020 I’ve…Jan 151Jan 151