In Part 7, we showcased how we can leverage automation to continuously monitor the performance and trigger rate of our deployed detections. In this part, we are going to investigate how we can introduce automation and utilize continuous deployment pipelines to streamline the tedious task of tuning our detections.
Tag: Azure DevOps
Detection Engineering: Practicing Detection-as-Code – Monitoring – Part 7
In this part, we are going to introduce automation to effectively monitor our deployed detections. By setting up automations at this phase we adopt a proactive approach towards maintenance, allowing our team to take action before a blowout of alerts or an untuned detection is escalated by the SOC.
Detection Engineering: Practicing Detection-as-Code – Versioning – Part 5
Versioning in the detection library is crucial for maintaining traceability and tracking changes to individual detections and content packs. It enables us to pinpoint the exact state of specific detections at a given point in time, provides a clear history of updates, and facilitates troubleshooting and debugging by identifying which version introduced particular changes.



