SA3: Mission SIEMPossible: From Legacy SIEM to Detection-as-Code

Thursday, June 8, 2023 3:45 PM - 4:15 PM

Exhibit Hall Stage A


SIEMs have evolved over the past few decades in response to the changing threat landscape, increasingly complex architectures, and ever-growing data volume and velocity. In this session, we will cover the history of SIEMs and introduce a strategy that applies detection-as-code to improve detections and threat hunting. The detection-as-code approach uses languages most practitioners already know: Python and SQL. Using this approach, we will show how to write detections, test them, and apply software development lifecycle best practices for version control, collaboration, and integration with your CI/CD pipeline.
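As an added illustration of what "detections as code" looks like in practice (this is an editor's example, not material from the session or its speakers), the block below expresses two stateless rules and one stateful rule as plain Python over a constructed event schema, packages each rule with metadata, and ships a unit test alongside the rules so a CI pipeline can reject a regression before it reaches production. The field names (ts, action, outcome, user, src_ip, mfa), the CORP_NETS allowlist, and the sample events are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Iterable

# An event is a plain dict. The field names (ts, action, outcome, user,
# src_ip, mfa) are a constructed schema for this example, not any SIEM's.
Event = dict

# Assumed corporate address space for the "from outside" rule.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Rule:
    """A detection is code plus metadata, so it can be reviewed and versioned."""
    name: str
    severity: str
    match: Callable[[Event], bool]


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    event: Event


def login_without_mfa(e: Event) -> bool:
    """Stateless rule: a single event is enough to decide."""
    return (e.get("action") == "login"
            and e.get("outcome") == "success"
            and not e.get("mfa", False))


def admin_login_from_outside(e: Event) -> bool:
    """Stateless rule using the assumed CORP_NETS allowlist."""
    if (e.get("action"), e.get("outcome"), e.get("user")) != ("login", "success", "admin"):
        return False
    src = ipaddress.ip_address(e["src_ip"])
    return not any(src in net for net in CORP_NETS)


RULES = [
    Rule("login_without_mfa", "medium", login_without_mfa),
    Rule("admin_login_from_outside", "high", admin_login_from_outside),
]


def run_rules(events: Iterable[Event], rules: Iterable[Rule] = RULES) -> list:
    """Evaluate every stateless rule against every event, in event order."""
    return [Alert(r.name, r.severity, e) for e in events for r in rules if r.match(e)]


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=10)) -> list:
    """Stateful rule: at least `threshold` failed logins from one src_ip followed
    by a success from that src_ip within `window`. Keeps state across events."""
    failures = {}  # src_ip -> timestamps of failures seen so far
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("action") != "login":
            continue
        src, ts = e["src_ip"], e["ts"]
        if e["outcome"] == "failure":
            failures.setdefault(src, []).append(ts)
            continue
        recent = [t for t in failures.get(src, []) if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append(Alert("brute_force_then_success", "high", e))
            failures[src] = []  # fire once per burst, not on every later success
    return alerts


# Constructed sample log for the example, not real data.
T0 = datetime(2023, 6, 8, 15, 45)


def _login(minute, user, src, outcome, mfa=True):
    return {"ts": T0 + timedelta(minutes=minute), "action": "login",
            "user": user, "src_ip": src, "outcome": outcome, "mfa": mfa}


SAMPLE_EVENTS = (
    [_login(m, "alice", "203.0.113.7", "failure") for m in range(6)]
    + [_login(6, "alice", "203.0.113.7", "success"),
       _login(7, "bob", "10.1.2.3", "success", mfa=False),
       _login(8, "admin", "198.51.100.9", "success"),
       _login(9, "admin", "10.5.5.5", "success")]
)


def self_test() -> bool:
    """Unit tests that live next to the rules, so CI rejects a regression."""
    stateless = [a.rule for a in run_rules(SAMPLE_EVENTS)]
    assert stateless == ["login_without_mfa", "admin_login_from_outside"], stateless
    bf = brute_force_then_success(SAMPLE_EVENTS)
    assert len(bf) == 1 and bf[0].event["user"] == "alice"
    # Below the threshold the stateful rule must stay silent.
    assert brute_force_then_success(SAMPLE_EVENTS, threshold=7) == []
    return True


if __name__ == "__main__":
    self_test()
    for a in run_rules(SAMPLE_EVENTS) + brute_force_then_success(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule}: user={a.event['user']} src={a.event['src_ip']}")
```

Because each rule is an ordinary function with a fixed input shape, the same file can be committed, code-reviewed, and executed by a CI job that runs self_test() on every pull request; the separation between the stateless rules (one event decides) and the stateful rule (a window of events decides) is the distinction that usually determines whether a detection can be pushed down into a SQL query or needs a streaming job.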