Registry

Coverage map of HawkinsOps closed claims and their Ledger review state. Every case study gets a row. Every row names its status honestly: reviewed, queued, not yet assigned, or a system surface that pairs at the component-claim level.

As of 2026-04-29 · 1 resolved · 2 reviewed/narrowed · 1 queued cross-cutting sub-claim · 18 unreviewed · 3 system surfaces

System & flagship

signalfoundry · hawkinsops.com

SignalFoundry

System surface · Paired via component claims below.

detections · hawkinsops.com

Detection Coverage

System surface · Paired via component claims below.

architecture · hawkinsops.com

Signal Architecture — AutoSOC System Model

System surface · Paired via component claims below.

march-2026-deep-dive · hawkinsops.com

March 2026 System Hardening & Pipeline Evolution

No public review

Incident response & recovery

case-study-race-condition · hawkinsops.com

Production Race Condition Recovery

Resolved · Reviewed on The Ledger: The Pipeline Ate Itself at Five Hundred Thousand.

case-study-pipeline-recovery · hawkinsops.com

Pipeline Fault Recovery — Two Failure Domains

No public review

case-study-ir-howe01 · hawkinsops.com

IR Case: Level 12 FIM Alert — Triage to BENIGN

No public review

case-study-ir-playbooks · hawkinsops.com

IR Playbook Library

No public review

case-study-cve-patch · hawkinsops.com

CVE-2025-55130 — Detect to Remediation

No public review

autosoc-hotfix-rca · hawkinsops.com

Hotfix RCA: Triage Quality Chart Renderer

No public review

autosoc-cutover · hawkinsops.com

AutoSOC Infrastructure Cutover

No public review

Detection engineering

case-study-sigma-library · hawkinsops.com

Sigma Detection Library

Reviewed/narrowed · The Counter Certified Nothing: 103-rule Sigma library with count, drift, UUID uniqueness, and strict content validation. Runtime signal and universal SIEM deployability are not claimed.

case-study · hawkinsops.com

Wazuh Rule Blocks — Authored and Validated

No public review

case-study-wazuh · hawkinsops.com

Wazuh Windows Telemetry Remediation

Reviewed/narrowed · The Dashboard Lied Politely: April 2026 remediation supports historical primary-endpoint process-creation telemetry restoration and manager-to-indexer delivery validation during the remediation window. Fleet-wide and current-runtime visibility are not claimed.

case-study-detection-harness · hawkinsops.com

Wazuh Detection Harness

No public review

case-study-splunk-detection-audit · hawkinsops.com

Splunk Detection Rule Audit — Four Noise Sources

No public review

blog-python2-to-python3 · hawkinsops.com

Migrating Legacy Detection Rules from Python 2 to Python 3

No public review

Threat hunting

case-study-threat-hunt-4688 · hawkinsops.com

Live Splunk Threat Hunt — EventID 4688

No public review

case-study-splunk-codex-hunt · hawkinsops.com

When AI Tooling Looks Like a LOLBin

No public review

Infrastructure & hardening

enterprise-security · hawkinsops.com

Enterprise Security Hardening

No public review

case-study-security-hardening · hawkinsops.com

Audit Policy Baseline Assessment

No public review

case-study-honeypot · hawkinsops.com

Cowrie Honeypot + Wazuh + Grafana

No public review

honeypot-proof · hawkinsops.com

Honeypot (Wazuh) Sanitized Alert Proof

No public review

case-study-soc-integration · hawkinsops.com

PP_SOC Integration — Live Detection Workflow

No public review

Cross-cutting sub-claims

auto-close metric · benchmark surfaces

Auto-close metric — ~88% headline figure

Queued · Sub-claim across signalfoundry, case-studies, and proof. Review question: defend the headline with caveats, or retract.