This is a more technical post to exemplify how my workflow goes when designing and implementing a new detection while serving as follow-up from a previous post The role of ‘Novelty’ and ‘Behaviour’ in Computer Forensics & Detection Engineering.

When you start following security researchers and their work, it’s truly…


This is just another quick blog that could not fit in a tweet, which is hopefully inspiring for all Detection Engineering teams out there.

First off, let's get the definitions loud and clear:

Novelty: the quality of being new, original, or unusual.

Behaviour: the way in which one acts…


The Splunk language is very powerful. I've been writing SPL for years and I still keep discovering new ways to use it, especially when browsing the docs or the community forums trying to solve another problem.

This year, I've published a query for detecting multiple flavors of password brute-force attacks…


What’s a network beacon? Why is that important? Well, let’s start with a quick definition before jumping into detection design and KQL code.

As Google suggests, beacon is a visible object serving as a signal or warning. …


I’ve recently joined BlueVoyant where I’m having a great opportunity to be part of a talented team fully dedicated to Threat Detection Engineering and Threat Hunting practices. (we’re hiring!)

Among other things, besides designing detections to run on a much bigger scale (hundreds of customers), I’m finally playing with Microsoft’s…


The idea of this post came after a Slack chat with Ryan Long, a Sr. Security Analyst who had asked this very question highlighted in the blog title.

Ryan as many others is realizing there’s sometimes a very thin line between analysis (operations) and engineering when it comes to threat…


Threat Detection Engineering practice seems to be evolving. Not only because of easier log management methods and platforms, but because attackers will easily adapt to OOB security, evading detection and achieving their goals.

Nevertheless, access to all this data is only the start. The challenge for Blue Teamers keeps increasing…


I’ve had the chance to work with many great security teams during my career and in 2012, I had the opportunity to join Verizon's SOC in Germany. That was a very challenging experience considering its massive scale SecOps.

It was also by that time when I realized Splunk could be…


As organizations evolve in terms of detection & response capabilities, the more-than-a-decade-old SIEM remains an enterprise security must, acting as one of the main platforms within a cyber defense program.

Despite being overshadowed by easy-to-justify initiatives like vulnerability management and other prevention controls, investments in…


Despite being known to some, I am pretty sure the topic of this post will relate to many and perhaps even hurt a few.

Let’s start by addressing this well-known term, one of the main challenges for all SIEM or Log Management practitioners:

Event Normalization

While there are many definitions most associate…

Alex Teixeira

Blueteamer. Threat Detection Engineering & Research.
