A POC to implement Detection-as-Code with Terraform and Sumo Logic.
-
Updated
Jul 27, 2023 - Python
A POC to implement Detection-as-Code with Terraform and Sumo Logic.
ESLint-style linter for Sigma detection rules. Validates against Sigma 2.1.0, scores rules across six quality dimensions, emits stable rule IDs.
Infrastructure as code for CrowdStrike — manage detections, saved searches, lookup files, and more with a Terraform-like lifecycle.
Official, curated detection content (Sigma, YARA, IOC packs) for the Rustinel endpoint detection engine.
A Python-native Detection as Code Framework
A Pythonic Detection Rules Framework
Automated Detection-as-Code (DaC) CI/CD pipeline for validating and programmatically deploying SIEM detection rules via GitHub Actions and the Wazuh API
A curated reference of threat detection engineering & incident response frameworks, tools, and detection rule sources.
9 MITRE ATT&CK-mapped KQL detections on a live Microsoft Sentinel + Defender XDR environment (control-plane, endpoint, identity), with a PR-gated Detection-as-Code pipeline (GitHub Actions, OIDC), SOAR playbooks, and a SOC 2 control mapping.
Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.
42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.
A threat hunter that lives in your terminal with memories in Notion.
GitHub Action for Detection-as-Code (DaC) powered by RSigma: lint, validate, backtest, and ATT&CK coverage
Parallax — a self-hosted toolkit for SentinelOne AI-SIEM engineers: map parser & detection-library coverage, visualize MITRE ATT&CK gaps, and validate that detection rules actually fire by generating synthetic test logs from each rule's own logic and verifying the resulting alerts.
Security infrastructure · Detection as code · Multi-cloud
Detection as Code pipeline for Splunk detections with YAML rules, schema and SPL validation, PR governance, self-hosted GitHub Actions, and automated Splunk REST deployment.
A comprehensive, modular Detection as Code framework for Microsoft Sentinel, deployable through Terraform with centralised configuration and automated documentation.
Detection as Code portfolio. Validated Python pipeline, Atomic Red Team telemetry, KQL, Sigma, and Sentinel-aligned detections.
Detection-as-code for Microsoft Sentinel and Defender XDR. 12 analytic rules, 10 hunting queries, 4 SOAR playbooks, ATT&CK Navigator coverage, CI validation, and full L3 SOC workflow documentation.
Add a description, image, and links to the detection-as-code topic page so that developers can more easily learn about it.
To associate your repository with the detection-as-code topic, visit your repo's landing page and select "manage topics."