CatsCrdl

CatsCrdl

Daniel's thoughts on infosec

Real Time vs Scheduled Query Detections - A Guide For Detection Engineers

Many SIEM tools nowadays offer the opportunity for you to write rules on streaming data or run scheduled queries on a periodic basis. But when should you use which and why? This blog post is designed to serve as a guide to those designing their detection architecture.

Daniel Wyleczuk-Stern

9-Minute Read

Analysis

Most modern SIEMs offer 2 primary methods for running their queries: real time rules and scheduled queries. Each option offers a variety of pros and cons that you should consider as you develop your detection. Before we dive into that, let’s clarify what we mean by each.

Recent Posts

Categories

About

A random collection of thoughts on cybersecurity.