| Date | Author(s) | Title | Type |
|---|---|---|---|
| 10/15/2024 | David French | Securing Your CI/CD Pipeline: Eliminate Long-Lived Credentials with Workload Identity Federation | Blog |
| 10/01/2024 | David French | Monitoring for Unexpected Rule Changes in Google Security Operations | Blog |
| 09/25/2024 | David French | Practical Techniques for Monitoring Your Security Data Pipeline | Blog |
| 09/08/2024 | David French, Wade Wells | Maturing SecOps with Detection-as-Code @ Blue Team Con | Presentation |
| 08/06/2024 | David French | Detection Engineering Demystified Building Custom Detections for GitHub Enterprise @ BSides Las Vegas (Slides, Recording) | Presentation |
| 06/19/2024 | David French | Monitoring for Suspicious GitHub Activity with Google Security Operations | Blog |
| 06/08/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ BSides San Antonio | Presentation |
| 05/18/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ BSides Dublin (Slides, Recording) | Presentation |
| 03/30/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ BSides San Diego | Presentation |
| 03/06/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ FIRST Technical Colloquium | Presentation |
| 01/30/2024 | David French | Getting Started with Detection-as-Code and Chronicle Security Operations | Blog |
| 12/05/2023 | David French | Detecting Suspicious Domains in Chronicle Using Entity Enrichment Data | Blog |
| 07/27/2023 | David French | From soup to nuts: Building a Detection-as-Code pipeline | Blog |
| 07/12/2022 | David French | Threat hunting in Okta logs | Blog |
| 08/04/2021 | David French (Black Hat Bio) | Black Hat Arsenal 2021: Using Dorothy to Test Okta SSO Visibility and Detection | Presentation |
| 12/08/2020 | David French | Dorothy: A tool to test security monitoring and detection for Okta environments (Blog, Presentation) | Tool |
| 08/21/2020 | Brent Murphy, David French | Security operations: Cloud monitoring and detection with Elastic Security | Blog |
| 08/13/2020 | David French, Neil Desai | Threat hunting capture the flag with Elastic Security: BSides 2020 | Blog |
| 08/11/2020 | Bobby Filar, David French | ProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships | Paper |
| 08/11/2020 | David French, Devon Kerr | How to Plan and Execute a Hunt | Presentation |
| 07/11/2020 | David French, Daniel Stepanic, Devon Kerr, Justin Ibarra, Neil Desai | Threat Hunting Capture the Flag at BSides SATX | CTF |
| 03/24/2020 | David French, Brent Murphy | Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1, Part 2) | Blog |
| 03/20/2020 | David French, Bobby Filar | A Chain Is No Stronger Than Its Weakest LNK @ BSides SLC (Video, Slides) | Presentation |
| 02/24/2020 | David French, Brent Murphy | The Elastic Guide to Threat Hunting | Book |
| 02/18/2020 | Brent Murphy, David French | Hunting for persistence using Elastic Security | Webinar |
| 12/04/2019 | David French | Ransomware, interrupted: Sodinokibi and the supply chain | Blog |
| 10/25/2019 | Bobby Filar, David French, Hyrum Anderson | ProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships @ CAMLIS (Slides, Video) | Presentation |
| 08/16/2019 | David French | Detecting Adversary Tradecraft with Image Load Event Logging and EQL | Blog |
| 10/09/2018 | David French | Detecting & Removing an Attacker’s WMI Persistence | Blog |
| 10/02/2018 | David French | Detecting Attempts to Steal Passwords from Memory | Blog |
| 10/02/2018 | David French | Detecting Attempts to Steal Passwords from the Registry | Blog |
| 10/01/2018 | David French | How to Setup “Cowrie” — An SSH Honeypot | Blog |
| 09/30/2018 | David French | 5-Minute Analysis of a Remote Access Trojan | Blog |
| 09/30/2018 | David French | Detecting Lateral Movement | Blog |
| 10/04/2017 | David French | Passive Reconnaissance Techniques for Your Defense @ FS-ISAC Summit | Presentation |