A POC to implement Detection-as-Code with Terraform and Sumo Logic.
-
Updated
Jul 27, 2023 - Python
A POC to implement Detection-as-Code with Terraform and Sumo Logic.
ESLint-style linter for Sigma detection rules. Validates against Sigma 2.1.0, scores rules across six quality dimensions, emits stable rule IDs.
Official, curated detection content (Sigma, YARA, IOC packs) for the Rustinel endpoint detection engine.
Infrastructure as code for CrowdStrike — manage detections, saved searches, lookup files, and more with a Terraform-like lifecycle.
A Python-native Detection as Code Framework
A Pythonic Detection Rules Framework
Automated Detection-as-Code (DaC) CI/CD pipeline for validating and programmatically deploying SIEM detection rules via GitHub Actions and the Wazuh API
A curated reference of threat detection engineering & incident response frameworks, tools, and detection rule sources.
9 MITRE ATT&CK-mapped KQL detections on a live Microsoft Sentinel + Defender XDR environment (control-plane, endpoint, identity), with a PR-gated Detection-as-Code pipeline (GitHub Actions, OIDC), SOAR playbooks, and a SOC 2 control mapping.
Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.
A threat hunter that lives in your terminal with memories in Notion.
42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.
GitHub Action for Detection-as-Code (DaC) powered by RSigma: lint, validate, backtest, and ATT&CK coverage
Parallax — a self-hosted toolkit for SentinelOne AI-SIEM engineers: map parser & detection-library coverage, visualize MITRE ATT&CK gaps, and validate that detection rules actually fire by generating synthetic test logs from each rule's own logic and verifying the resulting alerts.
Detection as Code portfolio. Validated Python pipeline, Atomic Red Team telemetry, KQL, Sigma, and Sentinel-aligned detections.
Security infrastructure · Detection as code · Multi-cloud
Detection as Code pipeline for Splunk detections with YAML rules, schema and SPL validation, PR governance, self-hosted GitHub Actions, and automated Splunk REST deployment.
Detection-as-code and SOAR automation reference: platform-agnostic Sigma detection rules and response playbooks for enterprise security operations
Detection-as-code for Microsoft Sentinel and Defender XDR. 12 analytic rules, 10 hunting queries, 4 SOAR playbooks, ATT&CK Navigator coverage, CI validation, and full L3 SOC workflow documentation.
Add a description, image, and links to the detection-as-code topic page so that developers can more easily learn about it.
To associate your repository with the detection-as-code topic, visit your repo's landing page and select "manage topics."