ankit-bose.dev

2025-05-10

Build-my-own EDR/SIEM Roadmap Concept

product-strategy, edr, siem, ai

Purpose

Explore the system design tradeoffs behind an internal learning roadmap that spans telemetry ingestion, detection logic, and incident workflow orchestration, i.e. the core of a minimal EDR/SIEM stack.

Staged Roadmap

  1. MVP telemetry ingestion with a single normalized event schema shared by all sources.
  2. Deterministic rule execution plus a baseline-driven anomaly check.
  3. Case management with explicit triage states and allowed transitions.
  4. Analyst assist and MCP/AI concept integration to accelerate the workflow.
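The first three stages as one runnable slice, added here as an illustration and not code from the roadmap itself. Two hypothetical raw formats (a syslog-style sshd line and a Windows-style logon record) are mapped onto one Event schema, a sliding-window rule and a mean-plus-k-sigma baseline check run over them, and the resulting alerts are grouped into a Case whose triage states are enforced by a small transition table. All event data and history counts are constructed for the example; the field names, thresholds and state names are assumptions, not a spec.

```python
"""Stages 1-3 of the roadmap as a toy pipeline (added example, not the page's own code)."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
import re
import statistics

# Stage 1: one normalized schema for every source (field names are assumptions).
@dataclass(frozen=True)
class Event:
    ts: int          # epoch seconds
    host: str
    user: str
    action: str      # e.g. "logon"
    outcome: str     # "success" | "failure"
    source: str      # producing sensor, kept for provenance

SSH_RE = re.compile(r"(?P<res>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def normalize(raw: dict) -> Event:
    """Map two hypothetical raw formats onto Event; reject anything unrecognized."""
    if "EventID" in raw:  # Windows-style record; 4624 = logon success, 4625 = failure
        return Event(ts=raw["ts"], host=raw["Computer"], user=raw["TargetUserName"].lower(),
                     action="logon", outcome="success" if raw["EventID"] == 4624 else "failure",
                     source="winlog")
    m = SSH_RE.search(raw.get("line", ""))  # syslog-style sshd message
    if m:
        return Event(ts=raw["ts"], host=raw["host"], user=m.group("user").lower(),
                     action="logon", outcome="success" if m.group("res") == "Accepted" else "failure",
                     source="sshd")
    raise ValueError(f"unrecognized raw event: {raw!r}")

# Stage 2a: deterministic rule, sliding window of failures per user.
def rule_repeated_failures(events, threshold=5, window=300):
    alerts, fails = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.action == "logon" and e.outcome == "failure":
            q = fails[e.user]
            q.append(e.ts)
            while q and e.ts - q[0] > window:  # drop failures outside the window
                q.pop(0)
            if len(q) >= threshold:
                alerts.append(("repeated_failures", e.user, e.host, e.ts))
                q.clear()  # fire once per burst, not once per extra failure
    return alerts

# Stage 2b: baseline anomaly, current count vs. mean + k*stdev of that user's history.
def baseline_anomalies(history_counts, current_counts, k=3.0, floor=3):
    out = []
    for user, n in current_counts.items():
        hist = history_counts.get(user, [])
        if len(hist) < 2:
            continue  # no usable baseline yet; the deterministic rule still covers it
        mu, sd = statistics.mean(hist), statistics.pstdev(hist)
        cutoff = max(floor, mu + k * sd)  # floor stops a flat baseline from alerting on noise
        if n > cutoff:
            out.append(("baseline_anomaly", user, n, round(cutoff, 2)))
    return out

# Stage 3: case with an explicit triage state machine.
TRANSITIONS = {"new": {"triaged", "closed"}, "triaged": {"escalated", "closed"},
               "escalated": {"closed"}, "closed": set()}

@dataclass
class Case:
    case_id: int
    alerts: list
    state: str = "new"
    history: list = field(default_factory=list)

    def transition(self, new_state, analyst, note=""):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        self.history.append((self.state, new_state, analyst, note))
        self.state = new_state
        return self

def open_cases(alerts):
    """Group alerts by affected user so one entity yields one case, not one per rule."""
    cases = {}
    for a in alerts:
        user = a[1]
        if user not in cases:
            cases[user] = Case(case_id=len(cases) + 1, alerts=[])
        cases[user].alerts.append(a)
    return list(cases.values())

def run_pipeline(raw_batch, history_counts):
    events = [normalize(r) for r in raw_batch]
    alerts = rule_repeated_failures(events)
    current = Counter(e.user for e in events if e.outcome == "failure")
    alerts += baseline_anomalies(history_counts, current)
    return events, alerts, open_cases(alerts)

# Constructed sample input: six sshd failures for alice in one minute, then a success, plus one Windows failure for Bob.
RAW_BATCH = [{"ts": 1000 + 10 * i, "host": "web01",
              "line": "Failed password for alice from 203.0.113.7 port 51234 ssh2"} for i in range(6)]
RAW_BATCH += [{"ts": 1070, "host": "web01", "line": "Accepted password for alice from 203.0.113.7 port 51235 ssh2"},
              {"ts": 1100, "Computer": "DC01", "TargetUserName": "Bob", "EventID": 4625}]
HISTORY_FAILURES = {"alice": [1, 0, 2, 1], "bob": [0, 1, 0, 1]}  # constructed per-day failure counts

if __name__ == "__main__":
    events, alerts, cases = run_pipeline(RAW_BATCH, HISTORY_FAILURES)
    for a in alerts:
        print("ALERT", a)
    for c in cases:
        c.transition("triaged", "analyst1", "confirmed brute force, then success")
        print("CASE", c.case_id, c.state, len(c.alerts), "alerts")
```

Both detectors fire on alice here, and the case layer folds them into a single case keyed on the user; the transition table rejects moves such as escalated back to new, which is the kind of invariant the triage state model in stage 3 exists to hold.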

Guardrails

This is an architectural exploration only and intentionally excludes offensive or misuse-oriented implementation details.