This talk covers a large Security Operations Center (SOC)'s journey toward maturing its detection engineering practice by adopting detection as code (DaC) principles.
What we will cover:
1. Our starting point (where a lot of SOCs are): no DaC, manually modifying rules in a SIEM;
2. What DaC is and why it's a game-changer for detection engineers;
3. Why we chose Sigma as the backbone of our DaC practice;
4. Our gradual transition to DaC;
5. A real case study of how Sigma + DaC made changing SIEM so much easier.
Intended audience: people who create or manage detection rules in a SOC, people who want to increase the quality and stability of the rules they maintain, and people who are interested in how DevOps principles can be applied to security operations.
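To make the Sigma-as-backbone idea (outline items 3 and 5) concrete, here is an added example that is not part of the talk or of the Sigma project: a toy detection-as-code step that takes one Sigma-style rule, lints it the way a CI gate would, and renders it for two SIEM query languages from a single set of backend mappings. The rule, its placeholder id, the field and log-source mappings, and the two backend names are all constructed for illustration; it handles only a subset of Sigma (flat field maps, the `contains`/`startswith`/`endswith` modifiers, and `and`/`or`/`not` conditions without parentheses), and real pipelines use pySigma / sigma-cli for the conversion.

```python
"""Toy detection-as-code step: one Sigma-style rule, validated once, rendered for two SIEM backends."""

# Constructed rule mirroring the YAML layout of a Sigma rule (not a rule from the talk).
# The id is a placeholder, not a real rule identifier.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "id": "00000000-0000-0000-0000-000000000000",
    "status": "test",
    "level": "medium",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter_admin": {"User|startswith": "SVC_"},
        "condition": "selection and not filter_admin",
    },
}

# Everything backend-specific lives here (field names, log source, boolean operators).
# These mappings are hypothetical; swapping SIEM means editing this table, not every rule.
BACKENDS = {
    "splunk": {
        "fields": {"Image": "process_path", "CommandLine": "process", "User": "user"},
        "source": 'sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1',
        "ops": {"and": "AND", "or": "OR", "not": "NOT"},
    },
    "kusto": {
        "fields": {"Image": "FolderPath", "CommandLine": "ProcessCommandLine", "User": "AccountName"},
        "source": "DeviceProcessEvents",
        "ops": {"and": "and", "or": "or", "not": "not"},
    },
}
MODIFIERS = ("", "contains", "startswith", "endswith")


def validate_rule(rule):
    """Return a list of problems; an empty list means the rule passes the CI gate."""
    problems = []
    for key in ("title", "id", "logsource", "detection"):
        if key not in rule:
            problems.append(f"missing top-level key: {key}")
    det = rule.get("detection", {})
    if "condition" not in det:
        problems.append("detection has no condition")
        return problems
    for tok in det["condition"].split():
        if tok in ("and", "or", "not"):
            continue
        if tok not in det:
            problems.append(f"condition references unknown selection: {tok}")
        elif not isinstance(det[tok], dict):
            problems.append(f"selection {tok} is not a field map (lists and '1 of' unsupported here)")
    for name, sel in det.items():
        if name == "condition" or not isinstance(sel, dict):
            continue
        for key in sel:
            _, _, modifier = key.partition("|")
            if modifier not in MODIFIERS:
                problems.append(f"unsupported modifier '{modifier}' in {name}.{key}")
    return problems


def _quote(text):
    """Double-quote a literal, escaping backslashes and quotes (assumed C-style escapes on both backends)."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def _render_pair(backend, key, values):
    """Render one 'Field|modifier: value(s)' entry; several values are OR-ed together."""
    cfg = BACKENDS[backend]
    field, _, modifier = key.partition("|")
    field = cfg["fields"].get(field, field)
    values = values if isinstance(values, list) else [values]
    terms = []
    for v in values:
        if backend == "splunk":
            pattern = {"": v, "contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}[modifier]
            terms.append(f"{field}={_quote(pattern)}")
        else:
            op = {"": "=~", "contains": "contains", "startswith": "startswith", "endswith": "endswith"}[modifier]
            terms.append(f"{field} {op} {_quote(v)}")
    joiner = f" {cfg['ops']['or']} "
    return terms[0] if len(terms) == 1 else "(" + joiner.join(terms) + ")"


def _render_selection(backend, selection):
    """All entries of one selection map are AND-ed and wrapped in parentheses."""
    joiner = f" {BACKENDS[backend]['ops']['and']} "
    return "(" + joiner.join(_render_pair(backend, k, v) for k, v in selection.items()) + ")"


def convert(rule, backend):
    """Lint the rule, then render its detection logic as a query for the chosen backend."""
    problems = validate_rule(rule)
    if problems:
        raise ValueError("; ".join(problems))
    cfg = BACKENDS[backend]
    det = rule["detection"]
    parts = [cfg["ops"][tok] if tok in cfg["ops"] else _render_selection(backend, det[tok])
             for tok in det["condition"].split()]
    where = " ".join(parts)
    return f"{cfg['source']} {where}" if backend == "splunk" else f"{cfg['source']} | where {where}"


if __name__ == "__main__":
    for name in BACKENDS:
        print(f"[{name}] {convert(RULE, name)}")
```

The point the case study makes shows up in the shape of the code: the rule file never mentions a SIEM, the lint runs once in version control before anything is deployed, and a SIEM migration is a change to the `BACKENDS` table plus a re-run of the conversion over the whole rule set.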
Émilio Gonzalez, Blue Teamer
Émilio works at a large Canadian organization doing software development, detection engineering and incident response. He's a co-organizer of MontréHack (a monthly cybersecurity workshop) and NorthSec's VP CTF.
Outside the cybersecurity world, he's passionate about urbanism and the economics of housing. He will gladly explain, to anyone who dares ask, how exclusionary zoning and parking mandates are the reasons you can't buy a home.