This is the code repository for Automating Security Detection Engineering, published by Packt.
A hands-on guide to implementing Detection as Code
This book focuses entirely on the automation of detection engineering, with practice labs and technical guidance that optimize and scale detection-focused programs. Using this book as a bootstrap, practitioners can mature their program and free up valuable engineering time.
This book covers the following exciting features:
- Understand the architecture of Detection as Code implementations
- Develop custom test functions using Python and Terraform
- Leverage common tools like GitHub and Python 3.x to create detection-focused CI/CD pipelines
- Integrate cutting-edge technology and operational patterns to further refine program efficacy
- Apply monitoring techniques to continuously assess use case health
- Create, structure, and commit detections to a code repository
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:
```python
# Nested conditions: event3 is evaluated only when event1 and event2 both hold.
if event1:
    if event2:
        if event3:
            ...
```
Following is what you need for this book: This book is for security engineers and analysts responsible for the day-to-day tasks of developing and implementing new detections at scale. If you’re working with existing programs focused on threat detection, you’ll also find this book helpful. Prior knowledge of DevSecOps, hands-on experience with any programming or scripting languages, and familiarity with common security practices and tools are recommended for an optimal learning experience.
With the following software and hardware list you can run all code files present in the book (Chapters 1-10).
Chapter | Software required | OS required |
---|---|---|
1-10 | A computer capable of running an Ubuntu-based VM concurrently, with a recommended 8 CPU cores and 16 GB of memory for the host machine | Windows, Mac OS X, and Linux (Any) |
1-10 | Amazon Web Services (AWS) | Windows, Mac OS X, and Linux (Any) |
1-10 | Atlassian Jira Cloud | Windows, Mac OS X, and Linux (Any) |
1-10 | Cloud Custodian | Windows, Mac OS X, and Linux (Any) |
1-10 | Cloudflare WAF | Windows, Mac OS X, and Linux (Any) |
1-10 | CodeRabbit AI | Windows, Mac OS X, and Linux (Any) |
1-10 | CrowdStrike Falcon EDR | Windows, Mac OS X, and Linux (Any) |
1-10 | Datadog Cloud SIEM | Windows, Mac OS X, and Linux (Any) |
1-10 | Git CLI | Windows, Mac OS X, and Linux (Any) |
1-10 | GitHub | Windows, Mac OS X, and Linux (Any) |
1-10 | Google Chronicle | Windows, Mac OS X, and Linux (Any) |
1-10 | Google Colab | Windows, Mac OS X, and Linux (Any) |
1-10 | Hashicorp Terraform | Windows, Mac OS X, and Linux (Any) |
1-10 | Microsoft VS Code | Windows, Mac OS X, and Linux (Any) |
1-10 | PFSense Community Edition | Windows, Mac OS X, and Linux (Any) |
1-10 | Poe.com AI | Windows, Mac OS X, and Linux (Any) |
1-10 | Python 3.9+ | Windows, Mac OS X, and Linux (Any) |
1-10 | SOC Prime Uncoder AI | Windows, Mac OS X, and Linux (Any) |
1-10 | Splunk Enterprise | Windows, Mac OS X, and Linux (Any) |
1-10 | Tines.com Cloud SOAR | Windows, Mac OS X, and Linux (Any) |
1-10 | Trend Micro Cloud One | Windows, Mac OS X, and Linux (Any) |
1-10 | Ubuntu Desktop LTS 22.04+ | Windows, Mac OS X, and Linux (Any) |
1-10 | Wazuh Server and EDR | Windows, Mac OS X, and Linux (Any) |
Dennis Chow is an experienced security engineer and manager who has led global security teams in multiple Fortune 500 industries. Dennis started from an IT and security analyst background, working his way up to engineering, architecture, and consultancy in blue-team- and red-team-focused roles. Dennis is also a former AWS professional services consultant who focused on transforming security operations for clients.