1 个仓库
Automated processes for deploying and updating security detection rules across environments.
Distinct from Automated Rule Management: None of the candidates cover the specific act of deploying detection rules as code via API
Explore 1 awesome GitHub repository matching devops & infrastructure · Detection Rule Deployment. Refine with filters or upvote what's useful.
This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base
Ships tools to automate the import and export of detection rules to the security engine.