Mostafa Moradian – Medium

Mostafa Moradian

Mostafa Moradian

·

5d ago

The State of RSigma

A tour of what one Rust binary does for detection engineering today, and where it is headed

The State of RSigma

Mostafa Moradian

·

May 25

Cloud Detection at Scale on a Laptop

How RSigma streams 1.9 million CloudTrail events through a community IR playbook

Cloud Detection at Scale on a Laptop

Mostafa Moradian

·

May 12

Wiring Live Threat Intel into Sigma Detection with Dynamic Pipelines

Turning public threat feeds into live detection without rewriting a single rule

Wiring Live Threat Intel into Sigma Detection with Dynamic Pipelines

Mostafa Moradian

·

May 5

Security Observability with RSigma and the LGTM Stack

Converting Sigma Rules to Dynamic Grafana Alerts

Security Observability with RSigma and the LGTM Stack

In

ITNEXT

by

Mostafa Moradian

·

Apr 29

Building a Detection Layer on PostgreSQL with Sigma Rules

How RSigma turns 3,800+ community detection rules into SQL queries for TimescaleDB

Dark, neon-green technical blog banner for mostafa.dev titled “Building a Detection Layer on PostgreSQL with Sigma Rules,” showing a PostgreSQL database stack, SQL query panel, lowercase sigma symbol, network-style detection flow, and PostgreSQL, TimescaleDB, and RSigma labels.

In

ITNEXT

by

Mostafa Moradian

·

Apr 24

Streaming Logs to RSigma for Real-Time Detection

Turning Four Routine Okta Detections into One Critical Alert

Wide dark-themed technical banner for an RSigma tutorial. It shows Okta security events flowing through HTTP, NATS, and stdin/file inputs into a central RSigma detection engine, which outputs detections to stdout, file, and NATS. The banner highlights a critical alert for an Okta cross-tenant impersonation attack, correlating four routine detections from the same actor within 30 minutes.

In

ITNEXT

by

Mostafa Moradian

·

Mar 4

Declarative Audit Log Collection from HTTP APIs

Introducing Helr: a Rust-based generic HTTP API log collector that turns YAML config into a resilient log pipeline

Declarative Audit Log Collection from HTTP APIs

In

ITNEXT

by

Mostafa Moradian

·

Feb 24

Pattern Detection and Correlation in JSON Logs

Introducing RSigma: a Rust toolkit for evaluating Sigma detection rules against JSON events without a SIEM

Pattern Detection and Correlation in JSON Logs

Mostafa Moradian

·

Dec 2, 2025

GCP Canary Tokens

How to create and monitor GCP service accounts as canary tokens

GCP Canary Tokens

Mostafa Moradian

·

Nov 3, 2025

Detection as Code

How to Build an Automated Security Detection Pipeline with GitHub Actions, Sigma, Grafana and Loki

Mostafa Moradian

Mostafa Moradian

Lead Security Engineer at Tiger Data

Following

Help

Status

About

Careers

Press

Blog

Store

Privacy

Rules

Terms

Text to speech