I will create correlation rules for arcsight, rapid7, wazuh siem
About this Gig
Your SIEM is only as strong as the rules behind it.
Every day, threats go undetected, not because your tools are weak but because the detection logic was never built right.
What I offer:
Custom SIEM detection rules for ArcSight, Wazuh, and Rapid7 InsightIDR
Correlation rules mapped to MITRE ATT&CK tactics and techniques
Detection coverage for brute force, lateral movement, privilege escalation, LOLBin/Living-off-the-Land attacks, and data exfiltration
False positive tuning: rules that fire when they should, not constantly
Log source analysis and field mapping validation before rule deployment
SOC-ready alert logic with clear rule descriptions and severity tagging
Why work with me:
I'm a hands-on SOC Analyst and Detection Engineer with real-world experience triaging high-volume alerts and building detection logic across enterprise SIEM environments. I don't just write rules; I validate them against actual log data, tune out noise, and make sure your team gets actionable alerts. Every rule I deliver is production-tested, not theoretical.
What you get:
Fully written and tested SIEM correlation/detection rules
False positive reduction note
Send me a message to get started.
Device: Desktop, Laptop, Server, Mobile
Operating system: Windows, Linux, Unix, Ubuntu
