You cannot escape me: Detecting evasions of SIEM rules in enterprise networks

Rafael Uetz, Marco Herzog, Louis Hackländer, Simon Schwarz, Martin Henze · 2024

1 Pith paper cite this work. Polarity classification is still indexing.

1 Pith paper citing it

browse 1 citing papers

representative citing papers

Evolution of Log-Based Detection Rules in Public Repositories

cs.CR · 2026-05-06 · unverdicted · novelty 6.0

Analysis of 6,859 rule histories shows 56% undergo detection logic revisions, with over half both adding and removing clauses and a quarter to a third alternating between coverage expansion and false-positive reduction.

citing papers explorer

Showing 1 of 1 citing paper.

Evolution of Log-Based Detection Rules in Public Repositories cs.CR · 2026-05-06 · unverdicted · none · ref 15
Analysis of 6,859 rule histories shows 56% undergo detection logic revisions, with over half both adding and removing clauses and a quarter to a third alternating between coverage expansion and false-positive reduction.

You cannot escape me: Detecting evasions of SIEM rules in enterprise networks

fields

years

verdicts

representative citing papers

citing papers explorer