Where every claim in SecProve
comes from.

Curated newsletter covering detection engineering practices, tools, and techniques. Practical resource for SOC and detection teams.

Computer security incident handling guide covering detection, analysis, containment, eradication, and recovery.

Knowledge base of adversary tactics and techniques based on real-world observations. The industry standard for threat modeling.

Generic signature format for SIEM systems. Documentation on writing, testing, and deploying detection rules.

Comprehensive survey of ML applications in cybersecurity. Covers supervised/unsupervised approaches for intrusion detection, malware analysis, phishing detection. Maps ML techniques to security use cases with performance benchmarks.

Open-source detection rules for Elastic Security. Covers a wide range of attack techniques mapped to MITRE ATT&CK.

Sec-PaLM and Security AI Workbench for threat intelligence summarization and detection. Shows how LLMs are being applied to SOC workflows — not just pattern matching but contextual threat analysis.

Research on using LLMs for automated triage, alert correlation, and response orchestration. Includes studies on analyst productivity gains and error reduction.

LLM-powered security assistant. Technical docs cover prompt engineering for security, incident summarization, KQL generation. Useful for questions about practical LLM integration in SOC, not product features.

MITRE's automated adversary emulation platform. Runs pre-defined or custom attack sequences to test defenses.

Web-based tool for annotating and exploring the ATT&CK matrix. Useful for threat modeling, gap analysis, and red team planning.

Knowledge graph of cybersecurity countermeasures. Maps defensive techniques to the ATT&CK techniques they counter.

Library of tests mapped to the MITRE ATT&CK framework. Small, portable detection tests for validating security controls.