CardinalOps
  • Beyond SIEM: Building a Detection-First Security Data Architecture

    Traditional SIEM architectures are under increasing strain as modern environments generate massive volumes of security telemetry from cloud, SaaS, containerized workloads, and identity systems. As data volumes grow, organizations face rising SIEM costs and operational

  • How to Prevent and Fix SIEM Rule Failures

    Our blog recently outlined the top 10 reasons why rules silently fail, drawing on extensive analysis of SIEM rules in diverse enterprise environments. Check out five of the top 10 causes in part one, and

  • Part 2: Five of the Top Ten Ways SIEM Rules Silently Fail

    Our security research team continuously analyzes high volumes of rules across diverse production SIEM environments – Splunk, Microsoft Sentinel, CrowdStrike next-gen SIEM, Google SecOps (formerly Chronicle), and more – securing global enterprises with multiple billions of dollars in

  • Part 1: Five of the Top Ten Ways SIEM Rules Silently Fail

    Over time, SIEM environments drift. Tooling expands, infrastructure evolves, and the engineers who built detections move on. In the process, rules quietly break. Ingestion pipelines are flowing, the dashboards still light up, but underneath, key

  • Living off WinRM: Abusing Complexity in Remote Management

    Key Context: What Is LOLBAS Anyway? LOLBAS (Living Off The Land Binaries, Scripts, and Libraries) are legitimate Windows tools and binaries that attackers abuse to perform malicious actions without using custom malware. One of the

  • Detection Pitfalls You Might Be Sleeping On

    Detection engineering isn’t just about finding bad behavior. It’s about understanding how attackers appear normal—by accident or by design. Some of the most successful evasion techniques don’t involve zero-days or encryption. They rely on you writing

  • The Analyst Who Cried Malware: Rethinking False Positives and Alert Fatigue

    False positives aren’t just annoying. They’re corrosive. Every unnecessary alert chips away at the analyst’s attention span. Every poorly designed rule teaches the SOC to distrust its own tools. Every noisy detection makes it harder

  • Closing the Gaps in Linux Auditing & Detection Strategies

    Linux systems are often overlooked when setting up security auditing and threat detection strategies. The main reason is that Linux auditing is far less explored by the security community than Windows auditing. A survey done

  • CardinalOps Solution Brief: Detection Posture Management

    CardinalOps Detection Posture Management automates detection engineering processes and continuously expands your MITRE ATT&CK coverage, ensuring you detect the threats that matter most.

  • Detection, Evasion, and the Pursuit of Immutable Artifacts

    You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar

  • SANS 2024 Detection and Response Survey – Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response

    Download the SANS 2024 Detection and Response Survey to discover insights from cybersecurity professionals on navigating today’s detection and response challenges. Key findings include:

  • CardinalOps Case Study: Repsol Increases SOC Efficiency and Productivity While Fixing Detection Gaps

    See how Repsol, one of the world’s largest energy companies, integrated CardinalOps into their security operations and helped to optimize their SOC with automation, enhanced speed, and accuracy. With CardinalOps, Repsol SecOps significantly increased its

© 2025 CardinalOps
