Anomaly-based detection workflow: leveraging the Novelty component using EDR log telemetry
This is a more technical post that walks through my workflow for designing and implementing a new detection, and it serves as a follow-up to a previous post, The role of ‘Novelty’ and ‘Behaviour’ in Computer Forensics & Detection Engineering.