It has always been a challenge to detect threat actors, and this presentation will reveal a scalable security monitoring function empowered by open source knowledge repositories and tools. Together, we’ll explore the initial no-cost steps to start regaining the initiative via security monitoring including: log gathering, finding and identifying gaps detection, and testing of detection capabilities.