https://broomstick.tymyrddin.dev/tags/detection-engineering/Recent content in Detection Engineering on The Broomstick BriefHugo -- 0.147.3enTue, 07 Apr 2026 00:00:00 +0000https://broomstick.tymyrddin.dev/posts/post-incident-reviews/Tue, 07 Apr 2026 00:00:00 +0000https://broomstick.tymyrddin.dev/posts/post-incident-reviews/After every significant security incident, there is a retrospective. Findings are documented, actions assigned, tickets closed. Then the next incident arrives, looking suspiciously familiar.https://broomstick.tymyrddin.dev/posts/ghost-detection/Sun, 05 Apr 2026 00:00:00 +0000https://broomstick.tymyrddin.dev/posts/ghost-detection/A detection rule is a bet. It says that if an attacker does something in a given environment, the rule will fire. That bet rests on an understanding of attacker behaviour at the time the rule was written. That understanding was incomplete then and has been drifting ever since.