Detection as Code - Detection Development Using CI/CD

Explore a modern approach to detection engineering using CI/CD in this 30-minute RSA Conference talk. Learn how to automate detection rule testing with Attack Range, an open-source tool for simulating adversary attacks in lab environments. Discover the CI/CD workflow for detection engineering, including commit detection schemas, branching workflows, and detection conversion and packaging. Dive into Mordor Labs, Attack Range architecture, and commands. Understand how to notify test outcomes and deploy detections effectively. Apply these cutting-edge techniques to enhance your organization's security posture through streamlined detection development processes.

Intro
CI/CD Workflow - Detection Engineering
Commit detection - detection schema
Commit detection - Branching workflow
Convert Detection & Package Detection
Test Detections
Mordor Labs
Attack Range Architecture
Attack Range Commands
Notify of test outcome
Deploy detections
Apply What You Have Learned Today