‼️We are introducing a tool for the first time…
🔨Hefaistos - AI assisted Detection-as-Code platform
📅 We are starting on January 31, 2025
Details and waiting list here - https://blog.dcg420.org/from-static-template-to-dynamic-forge-bringing-the-dcg420-standard-to-life-for-the-detectioniers-db4298e6bf22
#Detection #Detectionengineering #Detectionascode #DaC #Hefaistos
Intelligence-Driven Detection Engineering: From Threat Intel to Detection-as-Code (with the Pyramid of Pain & DML): https://detect.fyi/intelligence-driven-detection-engineering-from-threat-intel-to-detection-as-code-with-the-pyramid-b5f2f159be25
Detection Engineering: Practicing Detection-as-Code
Detection as Code: A Maturity Framework: https://catscrdl.io/blog/detectionascodematurity/
A Five Year Retrospective on Detection as Code: https://www.magonia.io/blog/five-year-retrospective-detection-as-code
SIEM 4.0: The Essentialist Evolution: https://jacknaglieri.substack.com/p/gen-4-siem
What to expect in SIEM 4.0:
- Prioritizing impactful MITRE tactics rather than complete ATT&CK coverage.
- Shifting from atomics to risk-based alerts that analyze groups of actions.
- Opening up the data lake and introducing new criteria for open data platforms.
- Controlling low-quality alerts through the adoption of “as code” principles.
- Using AI to automate routine tasks allows humans to focus on high-value work.
Getting Started with Detection-as-Code and Chronicle Security Operations from David French:
- In Part 1 David shares the principles and benefits of managing detection rules as code, an example detection engineering workflow used by security teams, and how to configure a CI/CD pipeline job in GitLab to pull existing detection rules via Chronicle’s API and commit them to a GitLab project: https://www.googlecloudcommunity.com/gc/Community-Blog/Getting-Started-with-Detection-as-Code-and-Chronicle-Security/ba-p/702154
- In Part 2, he demonstrates how to create and modify detection rules via Chronicle’s API: https://www.googlecloudcommunity.com/gc/Community-Blog/Getting-Started-with-Detection-as-Code-and-Chronicle-Security/ba-p/702956
#DetectionAsCode #detectionengineering #chroniclesecurityoperations
In about 2 weeks we’re releasing something you might wanna see if you like #DetectionEngineering or #threatintel or #purpleteaming or #detectionascode -> TIDeMEC which implements #DetectionOps will be released at the FIRST Symphony Amsterdam
Ever wonder how #DetectionAsCode works, with a real sample process we had implemented - then check out an old #WhitePaper I wrote on the topic:
