Cybersecurity SOC AI Agent Automation
I explore security operations, incident response, cloud security, and AI-driven automation.
Go with the flow; seek the auspicious and avoid the harmful.
About
Born in 2002, Sanya is focused on cybersecurity operations and AI-enabled security automation. His work spans SOC operations, EDR analysis, incident response, digital forensics, cloud security, detection engineering, and AI Agent orchestration.
I focus on security operations, incident response, digital forensics, cloud security, and AI Agent automation, with the aim of gradually evolving traditional SOC capabilities into intelligent security orchestration.
Research Areas
Security operations center workflows, alert triage, and operational efficiency.
Endpoint detection and response, threat hunting, and behavioral analysis.
Structured response methodologies, containment strategies, and post-incident analysis.
Evidence collection, forensic analysis, and chain of custody procedures.
Cloud-native security architectures, compliance frameworks, and threat detection.
Autonomous security agents, LLM-powered analysis, and intelligent orchestration.
Playbook development, SOAR integration, and workflow optimization.
Detection rule development, Sigma/YARA authoring, and threat-informed defense.
Projects
AI-powered penetration testing agent built on Kali Linux with automated reconnaissance and exploitation workflows.
Collection of SOAR playbooks for common SOC workflows including alert enrichment, escalation, and response.
Custom Microsoft Sentinel analytics rules, workbooks, and hunting queries for enterprise threat detection.
Experimental platform for LLM-driven security orchestration, automating investigation and response decisions.