Does the SOC have a Memory Problem?? A better approach to your field notes feat. K.C Yerrid

KC Yerrid joins Detection Dispatch to break down SCOUT — a local-first, open-source analyst cockpit built around atomic notes, entity relationships, and structured investigation memory.

The SCOUT Project Github: https://github.com/kcyerrid/SCOUT

In this episode, we explore:

• Why static investigation notes rarely get referenced again and why tribal knowledge evaporates after every incident
• Why “everything is an entity” is a massive shift for analysts
• How graph-based sensemaking helps visualize relationships, dashboards can’t
• Why brittle SOAR playbooks fail (investigations aren’t linear — you can’t pre-plan every branch)
• Why investigations don’t fit neatly into tickets and timelines
• And how better documentation makes AI actually useful later

Plus: junior analysts can level up faster with entity-based thinking.

If you have to keep re-learning the same lessons every quarter… this one’s for you.

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

‍