Daniel's thoughts on infosec

Real Time vs Scheduled Query Detections - A Guide For Detection Engineers

Many SIEM tools nowadays offer the opportunity for you to write rules on streaming data or run scheduled queries on a periodic basis. But when should you use which and why? This blog post is designed to serve as a guide to those designing their detection architecture.

Daniel Wyleczuk-Stern

9-Minute Read


Most modern SIEMs offer 2 primary methods for running their queries: real time rules and scheduled queries. Each option offers a variety of pros and cons that you should consider as you develop your detection. Before we dive into that, let’s clarify what we mean by each.

A Shmoo's Guide to DC

While the hotel bar and the restaurants right around it present an easy opportunity to fill up, I feel like I owe it to provide some recommendations of where I think some of the best places to hang out around the hotel are.

Daniel Wyleczuk-Stern

3-Minute Read


Some of these recommendtions work best for Shmoocon in March vs Shmoocon in the cold of January.

Recent Posts



A random collection of thoughts on cybersecurity.