The Telemetry Forge

Building an Edge AI Inference Pipeline for Security Operations: Architecture and Concepts (Part 1 of 4)

Thu, 07 May 2026 00:00:00 +0000

Architecture and concepts for building a Jetson Nano edge inference pipeline wired to Splunk ES for AI-driven security detection. Part 1 of 4.

Building the DSDL-Native Inference Container on Jetson Nano (Part 2 of 4)

Thu, 07 May 2026 00:00:00 +0000

Build the ARM64 Docker inference container for Jetson Nano -- Dockerfile, DSDL-native Flask app, TLS certificates, and 4-node deployment. Part 2 of 4.

Wiring the Pipeline: DSDL Configuration, HEC, and Splunk Integration (Part 3 of 4)

Thu, 07 May 2026 00:00:00 +0000

Complete DSDL 5.2.3 configuration for Splunk -- docker.conf, containers.conf, HEC cluster bundle, and end-to-end smoke tests. Part 3 of 4.

Real Security Data: Training and Deploying Anomaly Detection Models (Part 4 of 4)

Thu, 07 May 2026 00:00:00 +0000

Train Isolation Forest models on Zeek conn logs, DNS, and Windows auth events. Build ES correlation rules that generate AI-scored notable events. Part 4 of 4.

About

Thu, 07 May 2026 00:00:00 +0000

Ted Skinner

Security architect and SOC engineer with a focus on detection engineering, security telemetry, and operationalizing machine learning in security operations.

The Telemetry Forge documents builds done in a real security lab – not cloud demos, not toy datasets. Every post is written at the depth a senior security engineer needs to actually replicate the work, including what broke and why.

Lab Environment

Splunk Enterprise 10.0 with Enterprise Security
4-node NVIDIA Jetson Nano cluster (JetPack 4.6.6)
Zeek IDS, Suricata, Splunk Stream
Windows event log collection
Custom edge AI inference pipeline (DSDL 5.2.3)

Topics Covered

Detection engineering and SIEM architecture
Edge AI and machine learning for security operations
Security telemetry pipeline design
Threat hunting with Splunk SPL
SOC automation and workflow engineering

Contact

Reach out via LinkedIn or GitHub.