About

Greetings, I am Sandor Tokesi, an esteemed cloud SIEM, SOC, and security expert. Nearly three years ago, I established this blog with the intention of sharing my extensive findings and experiences within the realm of DFIR with the wider community. Recognizing the scarcity of comprehensive blue teaming resources, I felt compelled to share my knowledge.

Over the course of time, the focus of my blog has evolved in tandem with my changing interests and evolving roles. My articles now encompass an array of topics, including Content Development, Rule Creation, Threat Hunting, SOC, and Security Automation, with a recent emphasis on Cloud technologies, particularly Azure.

Presently, I am deeply engrossed in two pivotal areas:

  • SOC Enhancement: I am dedicated to aiding the establishment of new Security Operations Centers and facilitating the progression of existing teams.
  • Microsoft Sentinel: My endeavors encompass the deployment of new Microsoft Sentinel instances, assisting in the migration of other SIEMs to the cloud, and the development of custom Sentinel-based logic, detections, and associated resources.

Should you seek a dedicated collaborator for your SOC improvement or Microsoft Sentinel SIEM projects, I warmly invite you to reach out to me.