A POC to implement Detection-as-Code with Terraform and Sumo Logic.
-
Updated
Jul 27, 2023 - Python
#
detection-as-code
Here are 37 public repositories matching this topic...
ESLint-style linter for Sigma detection rules. Validates against Sigma 2.1.0, scores rules across six quality dimensions, emits stable rule IDs.
-
Updated
Jun 12, 2026 - Python
Infrastructure as code for CrowdStrike — manage detections, workflows, saved searches, and more with a Terraform-like lifecycle.
-
Updated
Jun 11, 2026 - Python
A Python-native Detection as Code Framework
-
Updated
Jan 23, 2026 - Python
Official, curated detection content (Sigma, YARA, IOC packs) for the Rustinel endpoint detection engine.
security ioc incident-response sigma yara blue-team edr mitre-attack threat-detection detection-engineering detection-as-code rustinel
-
Updated
Jun 9, 2026 - Python
A Pythonic Detection Rules Framework
-
Updated
May 19, 2026 - Python
Resource for all things threat detection
security reference detection incident-response threat-modeling threat-intelligence mitre-attack detection-engineering risk-based detection-as-code risk-based-alerting distributed-alerting
-
Updated
Jan 31, 2025
9 MITRE ATT&CK-mapped KQL detections on a live Microsoft Sentinel + Defender XDR environment (control-plane, endpoint, identity), with a PR-gated Detection-as-Code pipeline (GitHub Actions, OIDC), SOAR playbooks, and a SOC 2 control mapping.
incident-response siem sigma soc soar blue-team azure-security mitre-attack threat-detection kql azure-sentinel detection-engineering microsoft-sentinel detection-as-code security-detection
-
Updated
Jun 14, 2026 - Kusto
Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.
rust cep pattern-matching stream-processing complex-event-processing observability event-processing streaming-engine fraud-detection streaming-analytics mitre-attack threat-detection real-time-detection detection-engineering sigma-rules detection-as-code soc-automation flink-alternative ai-soc siem-alternative
-
Updated
Jun 9, 2026 - Rust
Security infrastructure · Detection as code · Multi-cloud
-
Updated
Mar 14, 2026 - CSS
A comprehensive, modular Detection as Code framework for Microsoft Sentinel, deployable through Terraform with centralised configuration and automated documentation.
-
Updated
Aug 11, 2025 - PowerShell
Detection as Code pipeline for Splunk detections with YAML rules, schema and SPL validation, PR governance, self-hosted GitHub Actions, and automated Splunk REST deployment.
yaml splunk siem spl soc security-automation devsecops mitre-attack github-actions detection-as-code
-
Updated
May 11, 2026 - Python
This detection engineering repo is for the Detection as Code CI/CD pipeline
security automation ai pipeline detection cybersecurity infosec siem cicd soc devsecops ai-agents detection-rules cicd-pr-validation detection-as-code aidetection detectionengineering securityoperationscenter aisiem
-
Updated
May 15, 2026 - Python
42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.
incident-response siem misp cortex modsecurity soc cloudtrail aws-security security-automation threat-intelligence wazuh soar blue-team ai-security thehive-project detection-engineering suricate soc-analyst detection-as-code genai-security
-
Updated
Jun 13, 2026 - Python
Detection-as-code for Microsoft Sentinel and Defender XDR. 12 analytic rules, 10 hunting queries, 4 SOAR playbooks, ATT&CK Navigator coverage, CI validation, and full L3 SOC workflow documentation.
incident-response cybersecurity threat-hunting soc security-automation logic-apps soar blue-team mitre-attack security-operations kql azure-sentinel detection-engineering sigma-rules defender-for-endpoint atomic-red-team microsoft-sentinel detection-as-code entra-id defender-xdr
-
Updated
May 14, 2026 - Python
A threat hunter that lives in your terminal with memories in Notion.
golang security incident-response siem sigma claude detection-engineering anthropic llm-agent detection-as-code
-
Updated
Jun 15, 2026 - Go
Jibril Runtime Security Public Types. Important for unmarshalling events and similar needs.
kubernetes linux-security detection-rules edr detection-api kubernetes-security cwpp cloud-native-security cnapp detection-as-code detection-and-response
-
Updated
May 21, 2026 - Go
Parallax — a self-hosted toolkit for SentinelOne AI-SIEM engineers: map parser & detection-library coverage, visualize MITRE ATT&CK gaps, and validate that detection rules actually fire by generating synthetic test logs from each rule's own logic and verifying the resulting alerts.
docker xdr siem mitre-attack threat-detection security-operations fastapi detection-engineering sentinelone detection-as-code
-
Updated
Jun 2, 2026 - Python
All things Detection Engineering from Proposal to Detection-as-Code repository for Microsoft Sentinel and eventually Splunk. YAML-based detection rules mapped to MITRE ATT&CK and Cyber Kill Chain stages, enriched with lifecycle tags and automated for CI/CD deployment.
-
Updated
Apr 9, 2026 - Python
Improve this page
Add a description, image, and links to the detection-as-code topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the detection-as-code topic, visit your repo's landing page and select "manage topics."