❯ ls ./blog
blue team field notes
Threat hunting, vulnerability management, detection engineering, and security operations.
I Built an AI Agent to Triage Sentinel Alerts — Here's What It Actually Does
Apr 26, 2026
A walkthrough of building a Claude-powered SOC alert triage agent that queries Log Analytics, enriches IOCs, maps MITRE techniques, and writes the incident brief for you.
#SOC
#AI
#Microsoft Sentinel
#automation
#Python
#MITRE ATT&CK
#blue team
Threat Hunt: Scattered Invoice — BEC via MFA Fatigue
Apr 24, 2026
A walkthrough of incident IR-2026-0225-BEC, tracing a business email compromise from MFA fatigue through inbox rule persistence to a £24,500 wire fraud.
#threat-hunting
#BEC
#Microsoft Sentinel
#KQL
#Scattered Spider
Building this blog
Feb 22, 2026
Notes on migrating from Hugo to Astro and setting up the Obsidian-to-Netlify publishing workflow.
#meta
#astro
#obsidian