Download as PDF, PPTX
Uploaded byMauricio Velazco
Detection-as-Code: Test Driven Detection Development.pdf
The document discusses detection-as-code and test driven development for threat detection. It introduces challenges in threat detection and the need for continuous improvement through detection engineering. It advocates applying principles from DevOps like test-driven development, version control systems, and automated workflows to improve security posture. Test driven development for detections requires the capability to replicate attacks to test detections.
More Related Content
Similar to Detection-as-Code: Test Driven Detection Development.pdf
Detection-as-Code: Test Driven Detection Development.pdf
- 1. Detection-as-Code: Test Driven Detection Development MauricioVelazco @mvelazco
- 2. #whoami ✘ Threat Research@ Splunk ✘ @mvelazco ✘ Bsides, Derbycon, Defcon, BlackHat ✘ github.com/mvelazc0
- 3.
- 4.
- 5.
- 6. Detection Engineering Continuous processof building, deploying, tuning and operating detection analytics while applying engineering concepts.
- 7.
- 8.
- 9.
- 10. Test Detections Jose Hernandezand Patrick Bareiss, RSA 2020
- 11. Detection Language Version Control System Automated Workflows Test-Driven- Development Detection asCode Principles Jose Hernandez and Patrick Bareiss, RSA 2020
- 12. Test Driven Development …software development process relying on software requirements being converted to test cases before software is fully developed… https://www.kaizenko.com/what-is-test-driven-development-tdd/
- 13. Testing Detections Jose Hernandezand Patrick Bareiss, RSA 2020
- 14. Takeaways Applying engineering practicesto detection programs can improve your security posture. To shift to test driven development, teams need the capability to replicate attacks.
- 15. Detection-as-Code: Test Driven Detection Development MauricioVelazco @mvelazco