Tag: tora
All the articles with the tag "tora".
-
Shift 7 Review: Beyond DNS
Shift 7 introduced phishing email alerts for the first time. The agents handled them. The pipeline between them didn't.
-
Shift 6: Separation of Duties
The separation of duties between detection engineering, agent reasoning, and the SOC fabric is becoming clearer with every run.
-
Shift 5: Closing the Precedence Gap
Sprint 3 opened with a targeted fix to TORA's triage logic. Shift 5 confirmed it held. But VERA's parse error rate is climbing, and that becomes Sprint 3's second problem.
-
Shift 4: What Neither Agent Could See Alone
Shift 4 was a high-severity week. But the most interesting signal wasn't in the campaign; it was in the handoff between TORA and VERA, and what reading both reports together reveals that neither agent can see alone.
-
Why DNS Alerts are the first scenario
DNS lookups are the first observable network artifact of a compromise and one of the noisiest alert types in a SOC queue. Here's why I started there.
-
The Escalation Chain: How TORA and VERA Hand Off a Case
TORA triages. VERA investigates. The handoff between them is not a queue — it is a structured contract. This is the architecture of the escalation chain and why every field in it is intentional.