Tag: detection-engineering
All the articles with the tag "detection-engineering".
-
Why DNS Alerts are the first scenario
DNS lookups are the first observable network artifact of a compromise and one of the noisiest alert types in a SOC queue. Here's why I started there.
-
Second shift: a new activity source showed up in alerts!
Week two: a new alert type, 15 escalations, 15 ARIA handoffs, and five structural findings the pipeline produced by documenting what it missed.