Skip to content

This detection engineering repo is for the Detection as Code CI/CD pipeline

License

Notifications You must be signed in to change notification settings

jaamaal/detection-lab

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

129 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Detection Lab

GitHub Repo

Metrics

A hands-on repository for implementing Detection as Code. This repo demonstrates building, testing, and deploying security detections using a CI/CD pipeline, making detection engineering repeatable, reliable, and automated.

Features

  • Detection as Code: Treat your detection rules like software, with version control and automated testing.
  • CI/CD Pipeline: Automate validation, testing, and deployment of detection rules.
  • Detection Rules: Ready-to-use templates for common attack patterns and suspicious behaviours.
  • Testing Frameworks: Simulate events and validate detection logic before deployment.
  • Observability Integration: Connect detections to SIEMs, log pipelines, and monitoring platforms.
  • Workflow Best Practices: Guidance for scalable and maintainable detection engineering.

Getting Started

  1. Clone the repository

    git clone https://github.com/jaamaal/detection-lab.git
    cd detection-lab
  2. Install Dependencies (Include instructions for Python, Node.js, or any runtime required.)

  3. Run Examples

    python examples/test_detection.py
  4. Add Your Own Detections Follow the templates in /rules to create new detection logic.

How It Works

  1. Write detection rules as code.
  2. Commit changes to the repository.
  3. CI/CD pipeline automatically runs tests and validation.
  4. Deploy tested detections to your monitoring or SIEM environment.
  5. Monitor alerts and iterate on rules as needed.

Contributing

We welcome contributions! To contribute:

  1. Fork the repo
  2. Create a feature branch (git checkout -b feature-name)
  3. Submit a pull request with a clear description and test coverage

License

This project is licensed under the MIT License. See the LICENSE file for details.