A POC to implement Detection-as-Code with Terraform and Sumo Logic.
-
Updated
Jul 27, 2023 - Python
#
detection-as-code
Here are 25 public repositories matching this topic...
A Python-native Detection as Code Framework
-
Updated
Jan 23, 2026 - Python
Infrastructure as code for CrowdStrike — manage detections, workflows, saved searches, and more with a Terraform-like lifecycle.
-
Updated
Apr 22, 2026 - Python
A Pythonic Detection Rules Framework
-
Updated
May 12, 2026 - Python
Resource for all things threat detection
security reference detection incident-response threat-modeling threat-intelligence mitre-attack detection-engineering risk-based detection-as-code risk-based-alerting distributed-alerting
-
Updated
Jan 31, 2025
Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.
rust cep pattern-matching stream-processing complex-event-processing observability event-processing streaming-engine fraud-detection streaming-analytics mitre-attack threat-detection real-time-detection detection-engineering sigma-rules detection-as-code soc-automation flink-alternative ai-soc siem-alternative
-
Updated
May 10, 2026 - Rust
42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.
incident-response siem misp cortex modsecurity soc cloudtrail aws-security security-automation threat-intelligence wazuh soar blue-team ai-security thehive-project detection-engineering suricate soc-analyst detection-as-code genai-security
-
Updated
May 11, 2026 - Python
Security infrastructure · Detection as code · Multi-cloud
-
Updated
Mar 14, 2026 - CSS
Validation harnesses, test cases, and reports for detection quality gates.
testing validation splunk siem soc security-automation wazuh blue-team detection-engineering ai-governance detection-as-code deterministic-verification
-
Updated
May 15, 2026 - Python
A comprehensive, modular Detection as Code framework for Microsoft Sentinel, deployable through Terraform with centralised configuration and automated documentation.
-
Updated
Aug 11, 2025 - PowerShell
Jibril Runtime Security Public Types. Important for unmarshalling events and similar needs.
kubernetes linux-security detection-rules edr detection-api kubernetes-security cwpp cloud-native-security cnapp detection-as-code detection-and-response
-
Updated
May 12, 2026 - Go
Detection-as-code for Microsoft Sentinel and Defender XDR. 12 analytic rules, 10 hunting queries, 4 SOAR playbooks, ATT&CK Navigator coverage, CI validation, and full L3 SOC workflow documentation.
incident-response cybersecurity threat-hunting soc security-automation logic-apps soar blue-team mitre-attack security-operations kql azure-sentinel detection-engineering sigma-rules defender-for-endpoint atomic-red-team microsoft-sentinel detection-as-code entra-id defender-xdr
-
Updated
May 14, 2026 - Python
This detection engineering repo is for the Detection as Code CI/CD pipeline
security automation ai pipeline detection cybersecurity infosec siem cicd soc devsecops ai-agents detection-rules cicd-pr-validation detection-as-code aidetection detectionengineering securityoperationscenter aisiem
-
Updated
May 15, 2026 - Python
All things Detection Engineering from Proposal to Detection-as-Code repository for Microsoft Sentinel and eventually Splunk. YAML-based detection rules mapped to MITRE ATT&CK and Cyber Kill Chain stages, enriched with lifecycle tags and automated for CI/CD deployment.
-
Updated
Apr 9, 2026 - Python
Detection as Code portfolio. Validated Python pipeline, Atomic Red Team telemetry, KQL, Sigma, and Sentinel-aligned detections.
python threat-hunting siem sigma mitre-attack kql detection-engineering atomic-red-team microsoft-sentinel detection-as-code
-
Updated
May 12, 2026 - Python
Static analysis tool to detect risky and inconsistent patterns in AI-assisted codebases
-
Updated
May 13, 2026 - Go
SOC manager toolkit for assessing detection engineering maturity using Elastic's DEBMM framework — dropdown-driven Excel assessment, auto-scoring, monthly history tracking, exec-ready PowerPoint reports.
elastic soc blue-team maturity-model security-operations detection-engineering detection-as-code debmm
-
Updated
Apr 29, 2026 - Python
Detection engineering lab using Python, SQL, and YAML to identify malicious behavior through log analysis and detection-as-code workflows.
python yaml sql log-analysis incident-response security-automation anomaly-detection defensive-security threat-detection security-analytics security-operations detection-engineering detection-as-code behavioral-detection
-
Updated
Apr 10, 2026 - Python
Detection as Code pipeline for Splunk detections with YAML rules, schema and SPL validation, PR governance, self-hosted GitHub Actions, and automated Splunk REST deployment.
yaml splunk siem spl soc security-automation devsecops mitre-attack github-actions detection-as-code
-
Updated
May 11, 2026 - Python
Improve this page
Add a description, image, and links to the detection-as-code topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the detection-as-code topic, visit your repo's landing page and select "manage topics."