Josh Brower (@defensivedepth) 's Twitter Profile
Josh Brower

@defensivedepth

Husband, Father. InfoSec. SANS GSE #143. Course author of LearnOsquery.com & LearnSigmaRules.com. Lover of History, Coffee, and D&D. Chaotic Good. He/Him

ID: 15827547

Link: http://DefensiveDepth.com | Date: 12-08-2008 20:25:55

2,2K Tweet

2,2K Followers

727 Following

Chris Sanders 🔎 🧠 (@chrissanders88) 's Twitter Profile Photo

A week from now, I'll be speaking at Security Onion con alongside my good friend Josh Brower. We'll talk about human-centric investigation playbooks and how those manifest in Security Onion now. Hope to see you there in Augusta! securityonionsolutions.com/conference/

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

We’d love to see more feedback from orgs that rely on Sigma rules. Even simple stats from production use are valuable. - A rule of level high that triggered 236,992 times probably needs rework. - A rule of level critical that triggered 234 times probably needs rework. - A rule of

Nasreddine Bencherchali (@nas_bench) 's Twitter Profile Photo

New Sigma release r2025-10-01 is available for download. 🌟37 New Rules 🛡️16 Rule updates 🔬45 Rule Fixes Here is a quick overview: - New AWS and Github based rules covering deletion of VPC flows, KMS imports, changing archive status or pages of a repo - Winrs usage as a

Chris Sanders 🔎 🧠 (@chrissanders88) 's Twitter Profile Photo

Why do investigative playbooks work? #SOC #DFIR 1. In any given investigation, analysts ask investigative questions that they answer with data (evidence) to determine what happened and if malicious activity occurred.

Nasreddine Bencherchali (@nas_bench) 's Twitter Profile Photo

Regression (True Positive) testing is coming to sigma starting from the next rule release in December. We will introduce a new CI that will validate a rule against a log. We will start with EVTX logs and extend beyond to other formats and logsources. We're also introducing a

Owlcat Games (@owlcatgames) 's Twitter Profile Photo

We have just released Rue Valley! This narrative RPG, inspired by games like Disco Elysium and classic Lucas Arts adventures, was developed by Emotion Spark Studio, and we helped them along the way as a publisher. Check out Rue Valley Release Trailer: #RueValley #RueValleyGame

Chris Sanders 🔎 🧠 (@chrissanders88) 's Twitter Profile Photo

LIFTOFF! All my courses on networkdefense.io are 25% off until Tuesday, 12/2, at midnight ET 🚀 This is the only sitewide sale we do all year, and the cheapest you'll see these courses. This event is for all y'all, so to get the discount, use code ALLYALL at checkout.

Josh Brower (@defensivedepth) 's Twitter Profile Photo

Good news everyone! 25% off my "Detection Engineering with Sigma" course! Use code "ALLYALL" at checkout. LearnSigmaRules.com #DetectionEngineering #InfoSec #SIGMA sigma Applied Network Defense

Security Onion (@securityonion) 's Twitter Profile Photo

Security Onion 2.4.200 now available with major improvements for our popular Onion AI Assistant! blog.securityonion.net/2025/12/securi…

Runa Sandvik (@runasand) 's Twitter Profile Photo

I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. techcrunch.com/2022/07/15/gra…

Adam Steinbaugh (@adamsteinbaugh) 's Twitter Profile Photo

Here is the newly-unsealed State Department memo confirming -- finally -- that the detention of Tufts student Rümeysa Öztürk was based on an op-ed. No antisemitic activity. No support of terrorism. An op-ed in a student newspaper.

Security Onion (@securityonion) 's Twitter Profile Photo

We've updated our popular Security Onion Essentials video series! Peel back the layers and make your adversaries cry! youtube.com/playlist?list=…