This site will host detection-engineering writeups, investigation notes, and lessons from operating SIEM platforms in regulated environments.

Planned topics:
- SIGMA rule engineering and detection-as-code workflows
- IBM QRadar internals: AQL, DSMs, Custom Rule Engine tuning
- Microsoft Sentinel and KQL for hunting and correlation
- sanitized incident response writeups from real investigations
- log source onboarding patterns at scale
- NIS2 and DORA detection requirements in practice
More to come.