DaC Reference
================================
Detections as Code
Elastic Reference
_______________
Managing Elastic Security Security Detection Rules Using DaC
⚠️ Note: The alpha detection-rules DAC-feature branch, content within these slides, and this reference guide are subject to change. Once we finally migrate the changes to the main branch, we will update the content accordingly.
Documentation
- DaC Concept and Workflows
- Core components and Governance Models of DaC
- Internals of the detection-rules Repo and How it is Used Internally
- Core Component: Managing Detection Rules in a VCS
- Overview
- Considerations
- Sub-Component 1: Elastic Detection Rules Repo and Usage
- Sub-Component 2: Incorporating Custom Rules
- Sub-Component 3: Creating Detection Rules
- Sub-Component 4: Rule Versioning
- Sub-Component 5: Exceptions and Actions
- Sub-Component 6: Unit testing
- Sub-Component 7: Rule Schema Validation
- Sub-Component 8: Detection Logic Validation
- Core Component: Syncing Rules and Data from VCS to Elastic Security
- Core Component: Managing Detection Rules in Elastic Security
- Core Component: Syncing Rules and Data from Elastic Security to VCS
- E2E Reference
- Feedback and Resources
- Known Limitations Using Elastic’s detection-rules DAC Approach
- About this guide and project
- Frequently Asked Questions
