SOC Detection Lab & KQL Playbook
25+ documented threat-hunting queries, MITRE-mapped.
Internal showcase
/ the problem
Detection is only as good as the queries behind it. This lab demonstrates a repeatable, documented threat-hunting capability mapped to a known framework.
/ what we built
- 25+ documented KQL threat-hunting queries
- Microsoft Sentinel + Defender for Endpoint
- MITRE ATT&CK-mapped incident reports
- Simulated phishing-campaign investigations
/ the outcome
A documented, MITRE-mapped detection capability with 25+ threat-hunting queries — the security rigor we apply to every product we ship.