DaC reference repository: documentation and detection-rules management for Elastic Security rules.
MIT License
This repository is dedicated to the management of Elastic Security SIEM Rules using the Detections as Code (DaC) methodology. DaC applies software development best practices to the creation, management, and deployment of detection rules, allowing organizations to leverage version control systems, automate testing and deployment processes, and ensure consistency and accuracy across their security infrastructure.
The DaC approach enhances collaboration among security teams, streamlines updates, and facilitates a more agile response to evolving threats. This repository serves as a comprehensive resource for adopting DaC in managing Elastic Security rules, enabling you to automate rule deployments, enhance rule validation processes, or streamline rule versioning and exception management.
Key aspects covered include:
This guide offers a modular set of practices and components for detection rule management. You're encouraged to select and combine options relevant to your specific needs and operational context, customizing your workflow for rule management.
To effectively use this repository, you will need:
To get started with this project run the following commands:
Clone the Repository:
# Clone the repository
git clone https://github.com/elastic/DaC-Reference
cd DaC-Reference
# Install dependencies with Poetry
poetry install
Edit or Add Documentation Files: Navigate to the docs directory and update existing or add new documentation files. Documentation source files can be in reStructuredText (.rst) or Markdown (.md) formats, thanks to the MyST-Parser.
Build the Documentation Locally: To build your documentation and see your changes locally, run the following command:
poetry run build-docs -b html docs docs/_build
This command uses Poetry to invoke Sphinx, building the HTML documentation from the source files in the docs directory into the docs/_build directory. You can view the built documentation by opening the docs/_build/index.html file in a web browser.
Commit Your Changes: After updating the documentation and verifying your changes locally, commit the changes to the documentation source files to your git repository:
git add docs/
git commit -m "Update documentation"
git push origin main
For more commands and project details, refer to the project's documentation and pyproject.toml.
Everything in this repository is licensed under the MIT License.