SIEM

Cisco Talos reported that 40% of all intrusions in Q4 2025 came from exploited vulnerabilities. Phishing dropped to second place. The security awareness training programs running at most organizations have not caught up. Defenders are losing ground. The monitoring infrastructure was built for an attack pattern that is no longer the primary one. Where the Training Points Phishing awareness training is calibrated for email-borne threats. A user who hovers before clicking, checks the sender domain, and reports a suspicious attachment is an asset. The training addresses a real threat category. ...

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1% Difficulty: Medium Topics: XDR/SIEM, Rule Syntax, Regex, Threat Detection Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough. In this lab, we step into the role of a SOC analyst responsible for fine-tuning a Wazuh deployment. The default rule set captures many common threats, but specialized environments require custom detection logic to identify sophisticated adversary behavior. We focus on modifying the local rules configuration to trigger alerts based on specific log patterns and nested logic. ...

Author: Mario Martinez Jr. (ku5e / Gary7) | TryHackMe USA Rank #76 | Top 1% Difficulty: Easy/Medium Topics: Data Visualization, SPL (Search Processing Language), Operational Intelligence Answers are redacted within the narrative to allow you to complete the tasks on your own, but a full table of answers is available at the end of this walkthrough. This room covers advanced Splunk capabilities, specifically how to organize data, create recurring reports, and build visual dashboards to monitor security events. ...