SIEM & Threat intelligence/hunting notes

What’s inside?

A curated collection of actionable insights for security analysts, covering:

  • SIEM techniques: Query templates, log correlation tricks, and alert-tuning tips.

  • Threat intel integration: How to enrich alerts with IoCs (IPs, domains, hashes).

  • Hunting methodologies: Proactive search patterns for stealthy threats.

Why keep these notes?

  • Fast reference during investigations: No more Googling “Splunk brute-force query” mid-incident.

  • Learn from real attacks: Includes mapped TTPs (e.g., “APT29 often uses PowerShell + DNS tunneling”).

  • Bridge theory and practice: Converts concepts like MITRE ATT&CK techniques into actual detection rules.

Last update: 2025-05-12 14:39