‼️We are introducing a tool for the first time…

🔨Hefaistos - AI assisted Detection-as-Code platform

📅 We are starting on January 31, 2025

Details and waiting list here - https://blog.dcg420.org/from-static-template-to-dynamic-forge-bringing-the-dcg420-standard-to-life-for-the-detectioniers-db4298e6bf22

#Detection #Detectionengineering #Detectionascode #DaC #Hefaistos

Intelligence-Driven Detection Engineering: From Threat Intel to Detection-as-Code (with the Pyramid of Pain & DML): https://detect.fyi/intelligence-driven-detection-engineering-from-threat-intel-to-detection-as-code-with-the-pyramid-b5f2f159be25

#threatintelligence #detectionengineering #DetectionAsCode

Detection Engineering: Practicing Detection-as-Code

- Part 1: https://blog.nviso.eu/2025/07/08/detection-engineering-practicing-detection-as-code-introduction-part-1/

- Part 2: https://blog.nviso.eu/2025/07/17/detection-engineering-practicing-detection-as-code-repository-part-2/

- Part 3: https://blog.nviso.eu/2025/08/05/detection-engineering-practicing-detection-as-code-validation-part-3/

- Part 4: https://blog.nviso.eu/2025/08/26/detection-engineering-practicing-detection-as-code-documentation-part-4/

#detectionengineering #threatdetection #DetectionAsCode

Detection as Code: A Maturity Framework: https://catscrdl.io/blog/detectionascodematurity/

#detectionengineering #DetectionAsCode

A Five Year Retrospective on Detection as Code: https://www.magonia.io/blog/five-year-retrospective-detection-as-code

#DetectionAsCode

SIEM 4.0: The Essentialist Evolution: https://jacknaglieri.substack.com/p/gen-4-siem

What to expect in SIEM 4.0:

- Prioritizing impactful MITRE tactics rather than complete ATT&CK coverage.

- Shifting from atomics to risk-based alerts that analyze groups of actions.

- Opening up the data lake and introducing new criteria for open data platforms.

- Controlling low-quality alerts through the adoption of “as code” principles.

- Using AI to automate routine tasks allows humans to focus on high-value work.

#siem #mitreattack #riskbased #DetectionAsCode

Getting Started with Detection-as-Code and Chronicle Security Operations from David French:

- In Part 1 David shares the principles and benefits of managing detection rules as code, an example detection engineering workflow used by security teams, and how to configure a CI/CD pipeline job in GitLab to pull existing detection rules via Chronicle’s API and commit them to a GitLab project: https://www.googlecloudcommunity.com/gc/Community-Blog/Getting-Started-with-Detection-as-Code-and-Chronicle-Security/ba-p/702154

- In Part 2, he demonstrates how to create and modify detection rules via Chronicle’s API: https://www.googlecloudcommunity.com/gc/Community-Blog/Getting-Started-with-Detection-as-Code-and-Chronicle-Security/ba-p/702956

#DetectionAsCode #detectionengineering #chroniclesecurityoperations

Ever wonder how #DetectionAsCode works, with a real sample process we had implemented - then check out an old #WhitePaper I wrote on the topic:

#Detection #UnitTest #Infosec #Cyber #DFIR

https://www.signalblur.io/detectors-as-code/