Detection Engineering Collective
We walk the walk. Insights and tips from the field—from actual cybersecurity practitioners.
Latest Stories
How to prioritize a Detection Backlog?
I started writing Medium stories in 2017 and the very first article was "How to rank Quick Wins", a fascinating topic that deserved another…
Alex Teixeira
May 13
Impair Defenses [T1562.012]: Detect Linux Audit Logs Tampering (Part 1)
The Linux Audit Daemon, or auditd, is a key component of the Linux Auditing System, operating in user space to gather and save audit log…
Aleksandar Matev
May 11
The Structure and Taxonomy of a Detection Knowledge Base
One of the most critical aspects of a detection engineering program is the documentation. Without documentation, your SOC is flying blind…
Regan
May 9
Security Monitoring — Developing Use Cases
In this blog post I'll be writing about developing use cases for security monitoring. I'll be using Microsoft Sentinel as an example…
Truls TD
May 9
The Effortless Solution: Automating IOCs Lookup Table Updates in Splunk
Aleksandar Matev
May 3
What makes up a solid SIEM query?
After writing and peer-reviewing numerous SIEM searches, here I share some tips to help others enhance their query-foo.
Alex Teixeira
Apr 22
UAC-0133 (Sandworm) plans for cyber sabotage at almost 20 critical infrastructure facilities in…
Translation of the latest UA-CERT alert published today & Technical Analysis of QUEUESEED which is the KAPEKA Backdoor used in June 2022 in…
Simone Kraus
Apr 19
AI-Powered SOC: it's the end of the Alert Fatigue as we know it?
If you’ve ever worked in an enterprise SOC, you’ve probably heard it before:
Alex Teixeira
Apr 2
Sysmon File Block Execution — How we can use Sysmon to block Hermetic Wiper, RMM Tools and…
As backup for EDR systems also in ICS environments
Simone Kraus
Mar 19
Boost your Security Monitoring reports with Sankey Diagrams
The Pie Chart is perhaps the most prevalent data visualization type seen in security reports out there. It's easy to implement and…
Alex Teixeira
Mar 18
Automating Security Monitoring — Part 2: Automation
Let's get straight to the point; security monitoring is the process of consuming data, analyzing it and detecting malicious activity, then…
Truls TD
Mar 1