Blog_
Writeups, notes, and thoughts on security and development.
Designing Detections for Scale, Speed, and Human Beings
Effective KQL detection engineering goes beyond writing queries — it demands an understanding of attacker behaviour, analyst workflows, and production environments. This article co…
Tags: Detection Engineering, KQL, Defender XDR
Why Smart SOC Teams Are Rethinking Sentinel Ingestion (And What They're Doing Instead)
SOC teams face tough decisions about which logs to ingest into Sentinel given volume-based costs. With Microsoft introducing USOP, security teams should lean more on Advanced Hunti…
Tags: Microsoft Sentinel, Defender XDR, Detection Engineering