From d21a599a5954ebcff1837425a3d4267244b91deb Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Sat, 22 Mar 2025 14:30:31 -0400 Subject: [PATCH 1/3] First draft --- .../security/detect-and-alert/manage-detection-rules.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/solutions/security/detect-and-alert/manage-detection-rules.md b/solutions/security/detect-and-alert/manage-detection-rules.md index fde092f3f7..ff9a2ab620 100644 --- a/solutions/security/detect-and-alert/manage-detection-rules.md +++ b/solutions/security/detect-and-alert/manage-detection-rules.md @@ -258,3 +258,11 @@ You can also check rules' related integrations in the **Installed Rules** and ** ::::{tip} You can hide the **integrations** badge in the rules tables by turning off the `securitySolution:showRelatedIntegrations` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#show-related-integrations). :::: + +## Managing detection rules as code [manage-rule-dac] + +Utilize the [Detection-as-Code](https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html) (DaC) principles to externally manage your detection rules. + +The {{elastic-sec}} Labs team uses the [detection-rules](https://github.com/elastic/detection-rules) repo to develop, test, and release {{elastic-sec}}'s[ prebuilt rules](https://github.com/elastic/detection-rules/tree/main/rules). The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. + +To get started, refer to the [DaC documentation](https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac). \ No newline at end of file From 1e9219c3578328c1677f42ed7b3e06f60b920b60 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Sat, 22 Mar 2025 14:33:09 -0400 Subject: [PATCH 2/3] Title --- solutions/security/detect-and-alert/manage-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/solutions/security/detect-and-alert/manage-detection-rules.md b/solutions/security/detect-and-alert/manage-detection-rules.md index ff9a2ab620..3f9ab122dc 100644 --- a/solutions/security/detect-and-alert/manage-detection-rules.md +++ b/solutions/security/detect-and-alert/manage-detection-rules.md @@ -259,7 +259,7 @@ You can also check rules' related integrations in the **Installed Rules** and ** You can hide the **integrations** badge in the rules tables by turning off the `securitySolution:showRelatedIntegrations` [advanced setting](/solutions/security/get-started/configure-advanced-settings.md#show-related-integrations). :::: -## Managing detection rules as code [manage-rule-dac] +## Manage rules as code [manage-rule-dac] Utilize the [Detection-as-Code](https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html) (DaC) principles to externally manage your detection rules. From b52f8b218ea860271bb778c4f22bc531e8ab82a4 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 25 Mar 2025 16:14:25 -0400 Subject: [PATCH 3/3] Moved locations --- solutions/security/detect-and-alert.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/solutions/security/detect-and-alert.md b/solutions/security/detect-and-alert.md index ecfeea2ee4..2de0824cbe 100644 --- a/solutions/security/detect-and-alert.md +++ b/solutions/security/detect-and-alert.md 
@@ -102,3 +102,10 @@ Depending on your privileges and whether detection system indices have already b To learn how your rules and alerts are affected by using the [logsdb index mode](/manage-data/data-store/data-streams/logs-data-stream.md), refer to [Using logsdb index mode with {{elastic-sec}}](/solutions/security/detect-and-alert/using-logsdb-index-mode-with-elastic-security.md). +## Manage rules as code [manage-rule-dac] + +Utilize the [Detection-as-Code](https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html) (DaC) principles to externally manage your detection rules. + +The {{elastic-sec}} Labs team uses the [detection-rules](https://github.com/elastic/detection-rules) repo to develop, test, and release {{elastic-sec}}'s[ prebuilt rules](https://github.com/elastic/detection-rules/tree/main/rules). The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. + +To get started, refer to the [DaC documentation](https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac).
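Review bot: in the first patch's hunk for manage-detection-rules.md, the added paragraph beginning "The {{elastic-sec}} Labs team uses" has two defects that should be fixed before merge: "DaCe pipeline" is a typo for "DaC pipeline", and the link text `{{elastic-sec}}'s[ prebuilt rules]` has the space inside the brackets, so it renders as "'s prebuilt rules" with a stray space; it should read `{{elastic-sec}}'s [prebuilt rules](...)`. The added lines also lack a trailing newline ("\ No newline at end of file"), which is worth adding so later appends to the file produce clean diffs. Minor style point: "Utilize the ... principles" reads better as "Use ... principles", matching the rest of the docs' plain verbs.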
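Review bot: the third patch ("Moved locations") adds the `## Manage rules as code [manage-rule-dac]` section to solutions/security/detect-and-alert.md but, judging by its diffstat (7 insertions, 0 deletions, only that one file touched), does not remove the copy the first patch added to manage-detection-rules.md. After this series the same section and the same anchor id `[manage-rule-dac]` exist in two pages, so cross-references to the anchor become ambiguous and the two copies will drift. Either drop the section from manage-detection-rules.md in this patch or make the series' title reflect that it is a copy rather than a move. The copied text also carries over the "DaCe pipeline" typo and the misplaced space in `{{elastic-sec}}'s[ prebuilt rules]`; fix both here as well.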