Tag: autonomous-soc
All the articles with the tag "autonomous-soc".
-
Shift 2: Cases of Interest
The precedence gap from Shift 1 held into Shift 2, but two cases that didn't diverge revealed something the first shift couldn't: the threshold isn't just about source count.
-
Shift 1: Cases of Interest
Four alerts. Same IP. Same missing fields. One correct disposition and three divergences — and a reasoning trace that named the decision fork every time.
-
My Approach to Agentic AI Implementation
My account of building an agentic SOC from scratch: what the calibration-run sprint revealed and how those findings carried into Sprint 2.
-
Why DNS Alerts Are the First Scenario
DNS lookups are the first observable network artifact of a compromise and one of the noisiest alert types in a SOC queue. Here's why I started there.
-
The Escalation Chain: How TORA and VERA Hand Off a Case
TORA triages. VERA investigates. The handoff between them is not a queue — it is a structured contract. This is the architecture of the escalation chain and why every field in it is intentional.
-
TORA Escalated. VERA Investigated.
VERA just finished investigating every case TORA escalated last week. 81% of TORA's hypotheses were refined, not confirmed. This is the summary of the first shift.