Skip to content
Threat Detection Engineering
How rare is a rare HTTP agent? Context-rich alerts because of math
Splunking BOTS V3: Q212, Q214, Q300
SPL Nuggets: Visualizing RDP/TS Connections from Eventlogs
Splunking BOTS v3: What Frothly VPN user generated the most traffic? Q330
Splunking questions from BOTS v3 dataset – Q215
JIRA workflow for Detection Engineering teams
SPL Nuggets: Know your admins – from eventlogs!
SIEM use cases development workflow – Agile all the things!
It’s about time to change your correlation searches timing settings
Mapping SDLC to security use cases development process