Blog
Honest writing on detection.
No "today's threat landscape" allowed.
2026-06-01 Pillar
Why your EDR won't tell you what's wrong
CrowdStrike, Defender, SentinelOne — every one of them fires alerts you can't decode without an enterprise CSM. Here's why, and what to do about it.
2026-06-08
Reading a brute-force alert: a walkthrough
From the 4625 event hitting your endpoint to the 9-factor score on your dashboard, narrated step by step.
2026-06-15
Why we built ABTDS on Isolation Forest + Sigma, not just one
Anomaly detection catches the novel. Signatures catch the known. We refuse to make you pick.
2026-06-22
What MITRE ATT&CK actually means for a 50-person company
ATT&CK was built for Fortune 500 SOCs. We translate it for the IT manager who has 90 seconds.
These posts are written but unpublished — the formatting pass lands shortly. Email founders@abtds.io for early drafts.