DaC Reference
================================
Detections as Code: Elastic Reference
_______________
Managing Elastic Security Detection Rules Using DaC
⚠️ Note: The Detection Rules DaC feature is still in Beta. This phase includes continued testing to include edge cases and feedback from the community. This reference guide, content within these slides, and associated content are subject to change.
- DaC Concept and Workflows
- Core components and Governance Models of DaC
- Internals of the detection-rules Repo and How it is Used Internally
- Core Component: Managing Detection Rules in a VCS
  - Overview
  - Considerations
  - Sub-Component 1: Elastic Detection Rules Repo and Usage
  - Sub-Component 2: Incorporating Custom Rules
  - Sub-Component 3: Creating Detection Rules
  - Sub-Component 4: Rule Versioning
  - Sub-Component 5: Exceptions and Actions
  - Sub-Component 6: Unit Testing
  - Sub-Component 7: Rule Schema Validation
  - Sub-Component 8: Detection Logic Validation
- Core Component: Syncing Rules and Data from VCS to Elastic Security
- Core Component: Managing Detection Rules in Elastic Security
- Core Component: Syncing Rules and Data from Elastic Security to VCS
- E2E Reference
- Feedback and Resources
- Known Issues and Limitations Using Elastic's detection-rules DaC Approach
- About this guide and project
- Frequently Asked Questions