Hi, I am Sandor Tokesi, cloud SIEM, SOC and security expert. I started this blog almost 3 years ago to share my findings and experiences regarding DFIR with the community. I found that good blue-teaming resources are hard to come by, and since my focus at that time was on forensics, I wanted to share as much as I could.

The niche covered by my blog changed over time as my interests and positions changed, and so I started to post about different topics. I write articles touching on Content Development, Rule Creation, Threat Hunting, SOC and Security Automation topics, but recently I have been creating more resources about cloud technologies (Azure).

Lately, my main focus consists of two big topics:

  • SOC enhancement: Helping in the build-up of new Security Operations Centers and facilitating the advancement of existing teams.
  • Azure Sentinel: Deploying new Azure Sentinel instances, helping with the migration of other SIEMs to the cloud, and developing custom Sentinel-based logic, detections and other related resources.