Summary
This section collects practical blue-team workflows. The notes here should answer “how do I investigate this?” or “how do I approach this security task?” rather than only define terms.
What belongs here
- alert triage workflows
- detection validation
- simple investigation checklists
- practical lab steps connected to SIEM and logging
How to use this section
- Start here when you need a repeatable investigation or triage flow
- Use Commands for quick checks during the workflow
- Use Concepts when you need the security reasoning behind the steps
Available guides
- Basic Alert Triage
- Detection Validation and Rule Tuning Workflow
- Investigation Workflow
- Severity, Escalation, and When To Hand Off