DaC Reference
================================
Detections as Code
Elastic Reference
_______________
Managing Elastic Security Detection Rules Using DaC
⚠️ Note: The alpha detection-rules DAC-feature branch, the content within these slides, and this reference guide are subject to change. Once we migrate the changes to the main branch, we will update the content accordingly.
- DaC Concept and Workflows
- Core components and Governance Models of DaC
- Internals of the detection-rules Repo and How it is Used Internally
- Core Component: Managing Detection Rules in a VCS
  - Overview
  - Considerations
  - Sub-Component 1: Elastic Detection Rules Repo and Usage
  - Sub-Component 2: Incorporating Custom Rules
  - Sub-Component 3: Creating Detection Rules
  - Sub-Component 4: Rule Versioning
  - Sub-Component 5: Exceptions and Actions
  - Sub-Component 6: Unit Testing
  - Sub-Component 7: Rule Schema Validation
  - Sub-Component 8: Detection Logic Validation
- Core Component: Syncing Rules and Data from VCS to Elastic Security
- Core Component: Managing Detection Rules in Elastic Security
- Core Component: Syncing Rules and Data from Elastic Security to VCS
- E2E Reference
- Feedback and Resources
- Known Limitations Using Elastic’s detection-rules DAC Approach
- About this guide and project
- Frequently Asked Questions