Synopsis
Many security teams, especially those in larger enterprises, are adopting “Detection-as-Code” to automate their detection engineering workflows. Detection-as-Code is a set of principles that applies software engineering practices (version-controlled code, peer review and automation) to implementing and managing threat detection capabilities in an agile Continuous Detection/Continuous Response model. Managing detection rules “as code” brings benefits such as better collaboration on rule changes, since each change is a reviewable commit, and robust change management and auditing, since the history records who changed what, when, and who approved it.
Some larger enterprises that are subject to strict auditing go further and disable editing of detection rules in their SIEM’s UI altogether, so that every rule modification must pass through a review and approval process before it is deployed.
This session opens with an introduction to Detection-as-Code and then walks through an example detection engineering workflow that a team can use to manage its detection rules as code on a source-control platform such as GitHub or GitLab. The example shows jobs configured in a CI/CD pipeline to handle the testing and deployment of rule changes.
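To make the “test” stage of such a pipeline concrete, here is an added example of a rule-testing job, written for this page rather than taken from the session or from any SIEM vendor. It assumes a hypothetical, Sigma-inspired JSON rule format (field selections with `|contains` / `|endswith` modifiers, a boolean `condition`, and embedded `tests` with events that must and must not fire) and uses constructed sample events; a real pipeline would swap in the SIEM’s own rule schema and query engine, but the shape of the job is the same: lint every rule for required metadata and unresolved references, then run its positive and negative test events and fail the build on any regression.

```python
"""CI test job for detection rules kept as code (added example, hypothetical format).

Assumptions, none of which come from the talk or a real product:
- Rules are JSON files in a simplified Sigma-inspired schema.
- Selections are AND-ed field specs; a list of expected values is OR-ed.
- Matching is case-insensitive; modifiers are contains/endswith/startswith/exact.
- Each rule embeds tests: events that must fire and benign events that must not.
"""
import json
import re
import sys

# Constructed rule, as it might live at rules/windows/encoded_powershell.json.
RULE_FILE = r'''
{
  "id": "a2e9c0b2-6f3d-4d1a-9b8e-0000000000aa",
  "title": "Suspicious encoded PowerShell command line",
  "detection": {
    "selection": {
      "Image|endswith": "\\powershell.exe",
      "CommandLine|contains": ["-enc", "-EncodedCommand"]
    },
    "filter": {"ParentImage|endswith": "\\ccmexec.exe"},
    "condition": "selection and not filter"
  },
  "tests": {
    "match": [
      {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
       "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
       "ParentImage": "C:\\Windows\\explorer.exe"}
    ],
    "no_match": [
      {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
       "CommandLine": "powershell.exe -enc SQBFAFgA",
       "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"},
      {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}
    ]
  }
}
'''

# Constructed rule with the defects a review should catch: non-UUID id,
# a typo in the condition, and no benign test events.
BROKEN_RULE_FILE = r'''
{
  "id": "encoded-ps-v2",
  "title": "Suspicious encoded PowerShell command line",
  "detection": {"selection": {"CommandLine|contains": "-enc"},
                "condition": "selection and not filtr"},
  "tests": {"match": [{"CommandLine": "powershell -enc AAAA"}]}
}
'''

UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
KEYWORDS = ("and", "or", "not")


def _match_value(actual, modifier, expected):
    """Case-insensitive comparison of one event value against one expected value."""
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "startswith":
        return a.startswith(e)
    return a == e


def match_selection(event, selection):
    """All field specs in a selection must match; a list of values is an OR."""
    for spec, expected in selection.items():
        field_name, _, modifier = spec.partition("|")
        if field_name not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event[field_name], modifier, v) for v in values):
            return False
    return True


def evaluate(rule, event):
    """Evaluate the rule's condition against one event (assumes lint passed)."""
    det = rule["detection"]
    expr = []
    for tok in re.findall(r"\(|\)|\w+", det["condition"]):
        expr.append(tok if tok in KEYWORDS + ("(", ")") else str(match_selection(event, det[tok])))
    # Only True/False, and/or/not and parentheses reach eval, so no builtins are needed.
    return bool(eval(" ".join(expr), {"__builtins__": {}}, {}))


def lint(rule):
    """Static checks that do not need events: metadata, references, test coverage."""
    errors = []
    if not UUID_RE.match(str(rule.get("id", ""))):
        errors.append("id must be a UUID so the SIEM can track the rule across renames")
    if not rule.get("title"):
        errors.append("title is required")
    det = rule.get("detection") or {}
    cond = det.get("condition")
    if not cond:
        errors.append("detection.condition is required")
    else:
        for tok in re.findall(r"\w+", cond):
            if tok not in KEYWORDS and tok not in det:
                errors.append(f"condition references undefined selection '{tok}'")
    tests = rule.get("tests") or {}
    if not tests.get("match"):
        errors.append("tests.match needs at least one event that should fire")
    if not tests.get("no_match"):
        errors.append("tests.no_match needs at least one benign event")
    return errors


def run_tests(rule):
    """Dynamic checks: every match event fires, no no_match event does."""
    failures = []
    for i, ev in enumerate(rule["tests"]["match"]):
        if not evaluate(rule, ev):
            failures.append(f"match[{i}] did not fire")
    for i, ev in enumerate(rule["tests"]["no_match"]):
        if evaluate(rule, ev):
            failures.append(f"no_match[{i}] fired (false positive)")
    return failures


def ci_check(rule_text):
    """One rule file in, one verdict out; tests are skipped when lint fails."""
    rule = json.loads(rule_text)
    errors = lint(rule)
    failures = run_tests(rule) if not errors else []
    return {"id": rule.get("id"), "lint": errors, "test_failures": failures,
            "ok": not errors and not failures}


if __name__ == "__main__":
    # Rule file paths come from argv (e.g. rules/**/*.json in CI); fall back to the samples.
    sources = [open(p).read() for p in sys.argv[1:]] or [RULE_FILE, BROKEN_RULE_FILE]
    results = [ci_check(s) for s in sources]
    for r in results:
        print(("PASS" if r["ok"] else "FAIL"), r["id"], r["lint"], r["test_failures"])
    sys.exit(0 if all(r["ok"] for r in results) else 1)
```

Wired into a pipeline, this script runs on every pull request against the changed rule files and blocks the merge on a non-zero exit; a separate deploy job, gated on review approval, then pushes the merged rules to the SIEM. Embedding the test events beside the rule is what makes a later refactor of the rule, or a change in the log schema, show up as a failed build rather than a silent loss of coverage.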