Threat Detection Bad Trips: Log Everything!

Alex Teixeira
3 min read · Mar 14

Alright, this is a public service for SIEM engineers. How many times have you heard that answer when someone asks "What should be logged?", and how hard is it today to predict the outcome of over-logging?

Disclaimer: all opinions here apply to enterprise, corporate environments only. That's where most of my experience comes from. They don't apply to SMBs or military environments, for instance.

Know your recipes
