Welcome to the ThreatHunter Chronicles
Field notes from a Cybersecurity Analyst
ThreatHunter Chronicles
I’m David and proud to be a Microsoft MVP in Security (SIEM & XDR). I use this blog as my digital outpost for sharing what I’ve learned (and what I’m still figuring out) when it comes to threat detection, log investigation, and data parsing in modern SOC environments.
Whether it’s exploring the weird edge cases of KQL, reverse-engineering beaconing patterns, or just having a bit of fun with SIEM-ingly useless detections, this is where it all gets documented — clearly, practically, and sometimes with a touch of humor.
Categories
I’ve come up with three categories that I’ll try to file my notes, findings and ideas under.
Logwatcher’s Zenit
This is the main category. I’m diving into logs and parsing them with KQL or other languages. When it comes to XDR solutions, I’m mainly using Microsoft Sentinel, but don’t be surprised if there’s an occurrence of Splunk and ELK as well.
Dirty Bits
This category is for when I do a quick hack to make it work. I might not be proud of the solution, but I’m always happy with the result.
KQLture Club
For those SIEM-ingly useless queries that you didn’t know you needed in your field notebook.
Code Examples on GitHub
All the code examples, queries and so on will be published on my GitHub page, which you can find here: https://github.com/PaleSkinnySwede/ThreatHunter-Chronicles/tree/main
I believe cybersecurity knowledge should be shared, not hoarded nor gatekept. So if you’re into signal over noise, meaningful detection engineering, or just enjoy nerding out over log data — you’re in the right place.
Feel free to reach out, comment, or just lurk quietly in the background. We’ve all got logs to hunt and coffee to drink. And logs don’t lie.
Welcome to the ThreatHunter Chronicles.