Introduction A well architected SIEM is one of the most valuable tools in a SOC, central to both detecting and responding to security incidents. This post will cover the essentials of setting up and configuring a SIEM, then move into effective log analysis techniques. For new analysts, this overview provides Read more…
Introduction Starting out in a SOC requires a mix of technical and practical skills to handle a range of security incidents effectively. This post covers essential skills for SOC analysts, introduces core SOC playbooks, and explores basic automation within AWS environments. If you’re a new analyst, this guide will help Read more…
I have trouble remembering all of these, so I’m stashing them here. 1. Risk Management Equations 2. System Reliability and Maintenance Metrics 3. Cryptography and Access Control Calculations 4. Probability and Bayesian Analysis 5. Quantitative Risk Metrics 6. Binary and Boolean Logic Operations 1. Risk Management Equations Annualized Loss Expectancy Read more…
Introduction In incident response, following a structured approach is fundamental to maintaining clarity, control, and precision. This post covers the essential concepts in incident handling, breaking down the life cycle stages and key operations within a SOC. Using NIST 800-61 as the primary guide, I’ll walk through the basics of Read more…
The goal of detection engineering isn’t just to identify potential threats but to take meaningful action based on those findings. After documenting and analyzing your results, it is time to determine which findings require escalation, how to initiate an effective response, and how to use what you’ve learned to continuously Read more…
Git is more than just a tool for version control. It’s a core skill for any developer working in a collaborative environment. This guide will walk you through essential Git commands, concepts, and tips to make you effective in managing code and collaborating on projects. We’ll cover setup, basic operations, Read more…
As you analyze and interpret detection results, effective documentation becomes essential. Documentation provides a clear record of what has been observed, what steps have been taken, and where the investigation is headed. In this post, we’ll discuss how to document findings, organize investigation steps, and expand the investigation by connecting Read more…
Creating detection analytics is only part of the equation in detection engineering. Once you have analytics in place, the next challenge is to interpret their results accurately, distinguishing genuine threats from benign anomalies. In this post, we’ll go through how to evaluate results, identify malicious activity amid outliers, and navigate Read more…
In detection engineering, moving from a detection hypothesis to a working analytic is the heart of the process. It’s where ideas are transformed into rules that capture malicious behaviors in action. In this post, we’ll look at how to develop these analytics systematically, covering the essentials of transforming a hypothesis Read more…
This is the first post in a series where I’ll cover detection engineering end to end. What is Detection Engineering? Detection engineering is a systematic approach to designing and refining analytics that detect specific malicious behaviors within a network. Unlike reactive incident response, detection engineering aims to create proactive detections Read more…
Overview In this guide, we will set up a Python environment to automate crawling and converting a documentation site into a consolidated PDF. This involves using chromedriver for automated browsing and wkhtmltopdf for converting HTML content to PDF. Prerequisites Make sure Homebrew is installed on your Mac. If it isn’t, Read more…