https://ne0tw0.pt/Recent content on Hugo MirandaHugoen-usFri, 08 May 2026 00:00:00 +0000https://ne0tw0.pt/about/Fri, 08 May 2026 00:00:00 +0000https://ne0tw0.pt/about/<p>SIEM Engineer · Detection Engineering · Blue Team</p> <p>Currently managing <strong>23,000+ log sources</strong> on IBM QRadar at a large European financial institution under DORA / NIS2 scope. Former Network &amp; Security Team Lead at Jolera Inc. (MSSP), running multi-tenant threat monitoring across Elastic, Microsoft Sentinel, and SentinelOne.</p> <h2 id="focus"> focus <a class="heading-link" href="#focus"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <ul> <li>detection engineering · SIGMA · detection-as-code</li> <li>incident response and investigation methodology</li> <li>log source onboarding, parser/DSM tuning, correlation fidelity</li> <li>NIS2 / DORA detection requirements in practice</li> </ul> <h2 id="stack"> stack <a class="heading-link" href="#stack"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>QRadar · Microsoft Sentinel · Elastic · SentinelOne · Wazuh · SIGMA · MITRE ATT&amp;CK · Linux · Git</p>https://ne0tw0.pt/posts/welcome/Fri, 08 May 2026 00:00:00 +0000https://ne0tw0.pt/posts/welcome/<p>This site will host detection-engineering writeups, investigation notes, and notes from operating SIEM platforms in regulated environments.</p> <p>planned topics:</p> <ul> <li>SIGMA rule engineering and detection-as-code workflows</li> <li>IBM QRadar internals: AQL, DSMs, Custom Rule Engine tuning</li> <li>Microsoft Sentinel and KQL for hunting and correlation</li> <li>sanitized incident response writeups from real investigations</li> <li>log source onboarding patterns at scale</li> <li>NIS2 and DORA detection requirements in practice</li> </ul> <p>more to come.</p>