Detection Rules

Hunting queries and detection logic written or adapted while triaging real alerts. Mapped to MITRE ATT&CK, severity-tagged, and ready to paste into your SIEM. Click any rule's Copy button to grab the query.