Steven Butterworth
Detection Engineer.
Noise Killer.
Log Tamer.
  • Base: United Kingdom
  • City: Manchester
  • Clients: Global
Splunk ES
LogScale
Detection Engineering
Alert Tuning
Parser Builds
CRIBL
Use Case Dev
Data Normalisation
SIEM Architecture
  • Vetted, Gov/Defence
  • Log Strategy
  • SIEM Strategy
  • DevSecOps Delivery

Insights
October 28, 2025 / Masterclass
🔧 Detection-as-Code: What It Really Means

Masterclass Series – Part 2 🧭 TL;DR: It’s Not Just “Put Your Rules in Git” “Detection-as-Code” sounds like a trendy…

The Cost of Crying Wolf: Why False Positives Are Killing Your SOC

Introduction It’s not the alerts you miss that break a SOC — it’s the thousands you never should have seen…

October 16, 2025 / Case Study
When CIM Mapping Goes Sideways: Lessons from a Broken Detection

🔎 Introduction Everything looked good on paper: ✅ The detection rule was written. ✅ The sourcetype was CIM-mapped. ✅ The data model was…

October 14, 2025 / Masterclass
🧠 Macro-Driven Rule Logic – Splunk Masterclass 1/5

👋 Welcome to the LogSmith Splunk Masterclass This series is for detection engineers, Splunk admins, and SOC architects who want…

5 Signs Your SIEM Is Too Noisy

And what to do about it before your SOC burns out Your SIEM might look functional. It might be alerting…

October 6, 2025 / Case Study
Case Study : Taming the 21,000-Alert-a-Day SIEM

How I helped restore clarity and control to a chaotic Splunk ES environment

© 2025 LogSmith • SIEM Detection Engineering by Steven Butterworth
Email: steven@ukitguru.com