Articles
Technical Articles
Building an Effective SOC Playbook from Scratch
A practical guide to designing SOC playbooks that balance automation with human judgment, covering alert triage workflows, escalation procedures, and metrics that matter.
Microsoft Sentinel Detection Engineering: A Practical Approach
How to build detection-as-code workflows with Microsoft Sentinel, covering KQL rule authoring, version control, testing pipelines, and continuous tuning strategies.
AI Agents in Security Operations: Current State and Future
Exploring how autonomous AI agents can augment SOC analysts — from alert summarization to automated investigation and response orchestration.
AWS CloudTrail Threat Detection with Sigma Rules
Translating cloud-native audit logs into Sigma detection rules for portable, vendor-agnostic threat detection across AWS environments.
Memory Forensics with Volatility 3: Investigating Fileless Malware
A hands-on walkthrough of using Volatility 3 for memory forensics, focusing on detecting fileless malware techniques and extracting forensic artifacts.
SOAR Integration Patterns for Modern Security Teams
Design patterns for integrating SOAR platforms with existing security tooling, covering API orchestration, data normalization, and scalable automation architectures.