Notes
Sigma Rule Syntax Cheatsheet
Quick reference for Sigma rule authoring — condition syntax, field mappings, modifiers, and common detection patterns. Updated as new patterns are discovered.
KQL Useful Functions and Patterns
Collected KQL snippets for Microsoft Sentinel — common parsing patterns, time-series analysis, join operations, and performance optimization tips.
Prompt Engineering for Security Analysis
Notes on crafting effective prompts for LLM-based security analysis — context framing, chain-of-thought techniques, and validation strategies.
AWS Security Hub Findings Reference
Personal reference for AWS Security Hub finding types, severity mappings, and remediation steps for common cloud security issues.
Volatility 3 Command Reference
Quick reference for commonly used Volatility 3 commands and plugins, covering memory image acquisition, process analysis, network connections, and registry inspection.
API Integration Patterns for SOAR
Notes on common API integration patterns used in SOAR playbook development — pagination handling, rate limiting, error recovery, and data transformation.