KQL validation harness notes
Notes on building a deterministic KQL validation harness for schema checks and regression detection.
kqlvalidationlab
2025-12-01
Labs and Experiments
Practical notes and experiments from detection engineering and SOC architecture work.
Sigma to KQL conversion experiments
Experimental mapping approach for Sigma rules to Sentinel-compatible KQL with validation checkpoints.
sigmakqlconversion
2025-11-21
Atomic Red Team detection validation
Lab observations on repeatable test execution patterns for validating detection behavior and noise profiles.
atomic-red-teamvalidationdetection
2025-11-10
Baseline vs threshold detection writeup
Practical comparison of baseline-driven and threshold-driven detection strategies across evolving environments.
detection-designbaseliningthresholds
2025-10-28
Schema drift telemetry health checks concept
Concept notes for detecting schema drift and missing fields before downstream analytics or detections fail.
telemetryschema-driftdata-quality
2025-10-02
DFIR triage workflow notes
Triage framework notes for evidence prioritization, enrichment, and escalation quality control.
dfirtriageworkflow
2025-09-15