#detectionascode — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #detectionascode, aggregated by home.social.

  1. SIEM 4.0: The Essentialist Evolution: jacknaglieri.substack.com/p/ge

    What to expect in SIEM 4.0:

    - Prioritizing impactful MITRE tactics rather than complete ATT&CK coverage.

    - Shifting from atomics to risk-based alerts that analyze groups of actions.

    - Opening up the data lake and introducing new criteria for open data platforms.

    - Controlling low-quality alerts through the adoption of “as code” principles.

    - Using AI to automate routine tasks so that humans can focus on high-value work.

    #siem #mitreattack #riskbased #DetectionAsCode

  2. Getting Started with Detection-as-Code and Chronicle Security Operations from David French:

    - In Part 1 David shares the principles and benefits of managing detection rules as code, an example detection engineering workflow used by security teams, and how to configure a CI/CD pipeline job in GitLab to pull existing detection rules via Chronicle’s API and commit them to a GitLab project: googlecloudcommunity.com/gc/Co

    - In Part 2, he demonstrates how to create and modify detection rules via Chronicle’s API: googlecloudcommunity.com/gc/Co

    #DetectionAsCode #detectionengineering #chroniclesecurityoperations

  3. In about 2 weeks we’re releasing something you might wanna see if you like #DetectionEngineering or #threatintel or #purpleteaming or #detectionascode -> TIDeMEC, which implements #DetectionOps, will be released at the FIRST Symphony Amsterdam.