triath.xyz

Matthias von Ehr

Cloud Security Architect

Microsoft Security Stack. Detection Engineering. Pragmatic SecOps for DACH organizations.

MITRE KQL Explorer

About

I design and operate security architectures centered around the Microsoft Security Stack — Defender XDR, Microsoft Sentinel, Entra ID, and Intune. My work spans threat detection, identity governance, and endpoint security across complex enterprise environments.

Detection Engineering is a core focus: I build KQL-based detection rules, map them to MITRE ATT&CK, and maintain them in multi-tenant Microsoft Sentinel deployments.

Based in Saarland, working fully remote. Engagements primarily in German-speaking DACH organizations, delivered in German or English.

Writing

Regular posts on LinkedIn — Security Architecture, Detection Engineering, SecOps. Practical content for practitioners, not slideware.
