A POC to implement Detection-as-Code with Terraform and Sumo Logic.
-
Updated
Jul 27, 2023 - Python
#
detection-as-code
Here are 29 public repositories matching this topic...
A Python-native Detection as Code Framework
-
Updated
Jan 23, 2026 - Python
Infrastructure as code for CrowdStrike — manage detections, workflows, saved searches, and more with a Terraform-like lifecycle.
-
Updated
Apr 22, 2026 - Python
A Pythonic Detection Rules Framework
-
Updated
May 19, 2026 - Python
Resource for all things threat detection
security reference detection incident-response threat-modeling threat-intelligence mitre-attack detection-engineering risk-based detection-as-code risk-based-alerting distributed-alerting
-
Updated
Jan 31, 2025
ESLint-style linter for Sigma detection rules. Validates against Sigma 2.1.0, scores rules across six quality dimensions, emits stable rule IDs.
-
Updated
May 29, 2026 - Python
Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.
rust cep pattern-matching stream-processing complex-event-processing observability event-processing streaming-engine fraud-detection streaming-analytics mitre-attack threat-detection real-time-detection detection-engineering sigma-rules detection-as-code soc-automation flink-alternative ai-soc siem-alternative
-
Updated
May 10, 2026 - Rust
Security infrastructure · Detection as code · Multi-cloud
-
Updated
Mar 14, 2026 - CSS
42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.
incident-response siem misp cortex modsecurity soc cloudtrail aws-security security-automation threat-intelligence wazuh soar blue-team ai-security thehive-project detection-engineering suricate soc-analyst detection-as-code genai-security
-
Updated
May 30, 2026 - Python
Detection-as-code for Microsoft Sentinel and Defender XDR. 12 analytic rules, 10 hunting queries, 4 SOAR playbooks, ATT&CK Navigator coverage, CI validation, and full L3 SOC workflow documentation.
incident-response cybersecurity threat-hunting soc security-automation logic-apps soar blue-team mitre-attack security-operations kql azure-sentinel detection-engineering sigma-rules defender-for-endpoint atomic-red-team microsoft-sentinel detection-as-code entra-id defender-xdr
-
Updated
May 14, 2026 - Python
Detection as Code pipeline for Splunk detections with YAML rules, schema and SPL validation, PR governance, self-hosted GitHub Actions, and automated Splunk REST deployment.
yaml splunk siem spl soc security-automation devsecops mitre-attack github-actions detection-as-code
-
Updated
May 11, 2026 - Python
A comprehensive, modular Detection as Code framework for Microsoft Sentinel, deployable through Terraform with centralised configuration and automated documentation.
-
Updated
Aug 11, 2025 - PowerShell
This detection engineering repo is for the Detection as Code CI/CD pipeline
security automation ai pipeline detection cybersecurity infosec siem cicd soc devsecops ai-agents detection-rules cicd-pr-validation detection-as-code aidetection detectionengineering securityoperationscenter aisiem
-
Updated
May 15, 2026 - Python
Jibril Runtime Security Public Types. Important for unmarshalling events and similar needs.
kubernetes linux-security detection-rules edr detection-api kubernetes-security cwpp cloud-native-security cnapp detection-as-code detection-and-response
-
Updated
May 21, 2026 - Go
Detection engineering rules, mappings, tests, and tuning artifacts.
splunk incident-response siem soc security-automation wazuh blue-team mitre-attack threat-detection detection-engineering sigma-rules detection-as-code
-
Updated
May 30, 2026 - Python
All things Detection Engineering from Proposal to Detection-as-Code repository for Microsoft Sentinel and eventually Splunk. YAML-based detection rules mapped to MITRE ATT&CK and Cyber Kill Chain stages, enriched with lifecycle tags and automated for CI/CD deployment.
-
Updated
Apr 9, 2026 - Python
Validation harnesses, test cases, and reports for detection quality gates.
testing validation splunk siem soc security-automation wazuh blue-team detection-engineering ai-governance detection-as-code deterministic-verification
-
Updated
May 30, 2026 - Python
Comprehensive Splunk security alerting framework for monitoring production environments
-
Updated
May 12, 2026 - Shell
Detection as Code portfolio. Validated Python pipeline, Atomic Red Team telemetry, KQL, Sigma, and Sentinel-aligned detections.
python threat-hunting siem sigma mitre-attack kql detection-engineering atomic-red-team microsoft-sentinel detection-as-code
-
Updated
May 19, 2026 - Python
Improve this page
Add a description, image, and links to the detection-as-code topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the detection-as-code topic, visit your repo's landing page and select "manage topics."