#detection
To Detect or Not to Detect
Guidelines for evaluating effective SOC detections.
Towards Actionable Detection
Actionable detection for relevant and contextual alerts.
Project Nebula: Debriefing
Final thoughts and improvements for the Nebula detection lab.
Project Nebula: Detecting with Elastic
Elastic Stack deployment for log monitoring.
Project Nebula: Detecting with Wazuh
Setting up Wazuh for log collection and detection rules.
Project Nebula: Build a Simple Detection Lab
Easy guide to setting up a simple detection engineering lab.
Practical Threat Detection Engineering
Review of Practical Threat Detection Engineering book.
Auto-Cleaning Lists in Chronicle SIEM
Automate Chronicle SIEM list cleanup for expired items.
Endpoint Security Reflections feat. EDR
Comparing EDR with alternative endpoint solutions.
Integrating MISP with Chronicle SIEM
Integrate CTI and CSIRT automatically and efficiently.
Debunking Threat Detection Myths
Debunking threat detection myths for improved SecOps.
Improving SecOps Beyond Tuning Analytics
The Cuckoo's Egg
A 1980s Infosec thriller with groundbreaking investigations.
The Threat Detection Fundamental Dilemma
Exploring the precision vs. recall dilemma in threat detection.
MITRE ATT&CK 101: Bridging the Gap
Guide to MITRE ATT&CK with history and context for better usage.
Getting Real About MITRE ATT&CK
Understanding MITRE ATT&CK and using it in your favor.
Insights into Effective SIEM Deployment
Strategies and tips for successful SIEM deployment.
Understanding Severity and Priority
Find the best settings for consistent detection alerts.
Intelligence-Driven Incident Response
How integrating CTI enhances Threat Detection and CSIRT.
Chronicle SIEM: Insights and Challenges Explored
Chronicle features and challenges in Threat Detection.
Effective Detection Rules for Net and Port Scans
Effective network and port scan detection.