Detection Engineering
SQL Injection Detection: A Defensive Guide
How to detect SQL injection across web, app, and database telemetry — with Sigma, Suricata, and SPL rules, a CVE-2025-1094 case study, and tuning tips. Lab-only.
2 articles
A detection engineer's checklist for Sigma rules that survive contact with production — fidelity over coverage, tested logsources, tuned false positives, and CI.