Maturing Sec-Ops With Detection as Code

OVERVIEW

“This presentation is for security practitioners who are interested in learning about the fundamentals and benefits of Detection-as-Code and how to build a CI/CD pipeline to manage threat detection rules.

A traditional approach to detection rule management is for security practitioners to manually configure and maintain them within their security tools. Detection-as-Code is often a good fit for enterprises that need more collaboration and change management around their detection engineering processes.

Detection-as-Code is a set of principles that use code and automation to implement and manage threat detection capabilities. By leveraging software development practices, security teams can streamline their process for creating, testing, deploying, and maintaining detections by treating them as code artifacts.

This presentation will introduce the core concepts and benefits of Detection-as-Code before walking through a process of building and implementing a CI/CD pipeline. A practical threat detection use case will be utilized throughout the presentation before testing it end-to-end.”
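The abstract above describes treating detections as code artifacts that are created, tested and deployed through a CI/CD pipeline. The following is an added example, not code from the presentation or its speakers, of what the "validate and test" stages of such a pipeline look like in practice: a detection rule is stored as structured metadata plus a predicate, it carries its own true-positive and false-positive sample events, and a CI job runs the linter and the rule tests on every change before anything is deployed to a SIEM. The rule name, field names, severity vocabulary and all sample events are constructed for illustration and do not correspond to any particular product's schema.

```python
"""Added example: minimal Detection-as-Code validate/test pipeline.

Not from the talk. Rule IDs, field names and sample events below are
constructed for illustration; the deploy step (pushing a passing rule to a
SIEM via its API) is intentionally out of scope here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Event = Dict[str, object]


@dataclass
class DetectionRule:
    rule_id: str
    title: str
    severity: str                  # one of ALLOWED_SEVERITIES
    mitre_technique: str           # ATT&CK technique ID, e.g. "T1078"
    logic: Callable[[Event], bool]  # the detection predicate itself
    true_positives: List[Event] = field(default_factory=list)   # must fire
    false_positives: List[Event] = field(default_factory=list)  # must not fire


ALLOWED_SEVERITIES = {"low", "medium", "high", "critical"}


def validate_rule(rule: DetectionRule) -> List[str]:
    """Lint step: metadata and test-coverage checks a CI job gates on."""
    problems = []
    if rule.severity not in ALLOWED_SEVERITIES:
        problems.append(f"{rule.rule_id}: unknown severity {rule.severity!r}")
    if not rule.mitre_technique.startswith("T"):
        problems.append(f"{rule.rule_id}: missing ATT&CK technique")
    if not rule.true_positives:
        problems.append(f"{rule.rule_id}: no true-positive test event")
    if not rule.false_positives:
        problems.append(f"{rule.rule_id}: no false-positive test event")
    return problems


def run_rule_tests(rule: DetectionRule) -> List[str]:
    """Unit-test step: each embedded sample event must get the expected verdict."""
    failures = []
    for i, ev in enumerate(rule.true_positives):
        if not rule.logic(ev):
            failures.append(f"{rule.rule_id}: true_positives[{i}] did not fire")
    for i, ev in enumerate(rule.false_positives):
        if rule.logic(ev):
            failures.append(f"{rule.rule_id}: false_positives[{i}] fired")
    return failures


def run_pipeline(rules: List[DetectionRule]) -> bool:
    """CI gate: True only if every rule passes both lint and tests."""
    ok = True
    for r in rules:
        for msg in validate_rule(r) + run_rule_tests(r):
            print("FAIL", msg)
            ok = False
    return ok


# --- Constructed rule: successful console login without MFA from outside 10/8 ---
def _console_login_without_mfa(ev: Event) -> bool:
    return (
        ev.get("event_type") == "ConsoleLogin"
        and ev.get("outcome") == "success"
        and ev.get("mfa_used") is False
        and not str(ev.get("source_ip", "")).startswith("10.")
    )


console_login_no_mfa = DetectionRule(
    rule_id="cloud.console_login_without_mfa",
    title="Successful console login without MFA from non-corporate IP",
    severity="high",
    mitre_technique="T1078",
    logic=_console_login_without_mfa,
    true_positives=[
        {"event_type": "ConsoleLogin", "outcome": "success", "mfa_used": False,
         "source_ip": "203.0.113.7", "user": "alice"},
    ],
    false_positives=[
        # MFA satisfied: benign
        {"event_type": "ConsoleLogin", "outcome": "success", "mfa_used": True,
         "source_ip": "203.0.113.7", "user": "alice"},
        # corporate range (assumed 10/8): benign for this rule
        {"event_type": "ConsoleLogin", "outcome": "success", "mfa_used": False,
         "source_ip": "10.20.30.40", "user": "bob"},
        # failed attempt: belongs to a different detection
        {"event_type": "ConsoleLogin", "outcome": "failure", "mfa_used": False,
         "source_ip": "203.0.113.7", "user": "alice"},
    ],
)

if __name__ == "__main__":
    raise SystemExit(0 if run_pipeline([console_login_no_mfa]) else 1)
```

The point of the structure is that a rule and its test events are reviewed, versioned and changed together: a pull request that tunes the predicate must keep every embedded false-positive event silent and every true-positive event firing, and a rule with no negative test cases never reaches the deploy stage at all.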

Presented By

WADE WELLS

Lead Detection Engineer

DAVID FRENCH

Detection & Response Engineer / Threat Hunter, Google