Jun 15, 2026 7 min read
Microsoft Sentinel and a Honeypot That Got Hit 50 Times in Under an Hour Connecting Microsoft Sentinel to the slytech.us hybrid environment, building custom detection rules mapped to MITRE ATT&CK, deploying a deliberately exposed honeypot VM, and watching real global attack traffic roll in.
#sentinel#honeypot#azure#siem#kql#threat-detection#defender#log-analytics
Mar 25, 2026 8 min read
AI-Assisted SOC Triage on Top of Splunk Using the Anthropic API Building a Python tool that pulls Windows Security events from Splunk and uses the Anthropic API to generate structured SOC triage reports with MITRE ATT&CK mapping.
#splunk#python#anthropic#mitre-attack#soc#ai#threat-detection#windows-security
Mar 25, 2026 7 min read
Building a Splunk SIEM Lab on Proxmox, Part 3: MITRE ATT&CK Mapping and Building a Complete SOC Workflow Integrating MITRE ATT&CK mapping with Splunk Security Essentials and building a complete SOC detection workflow.
#splunk#mitre-attack#detection-engineering#soc#cybersecurity#splunk-security-essentials#proxmox
Mar 24, 2026 6 min read
Building a Splunk SIEM Lab on Proxmox, Part 2: SPL Searches, Alerts, and Dashboards Building brute force detection with SPL, configuring scheduled alerts, and creating security dashboards in Splunk.
#splunk#spl#detection-engineering#windows#siem#cybersecurity#dashboard
Mar 23, 2026 6 min read
Building a Splunk SIEM Lab on Proxmox, Part 1: Install and Data Onboarding Setting up Splunk Enterprise on Proxmox with Universal Forwarders on Windows endpoints for real log collection.
#splunk#proxmox#windows#universal-forwarder#siem#cybersecurity#active-directory
Mar 6, 2026 4 min read
Setting Up Wazuh SIEM in My Homelab How to install Wazuh SIEM on Ubuntu Server in a homelab environment, including agent deployment and first security events.
#wazuh#proxmox#ubuntu#monitoring#siem#cybersecurity