Automating Security Detection Engineering by Dennis Chow
Author: Dennis Chow
Language: eng
Format: epub, pdf
Publisher: Packt Publishing Pvt Ltd
Published: 2024-05-23T00:00:00+00:00
Validating syntax and linting
Up until this chapter, we have been focused on the development of our detection use cases and then their deployment. As your team is likely to grow, we also need scalable and consistent ways to further enforce best practices, and, in some cases, security requirements. In traditional code development, unit testing uses helper scripts to test functions with sample data and get a rational output. In detection engineering, this differs from true functional testing, which requires a more integrated approach depending on the security tool type. For example, a SIEM or CNAPP requires logs and is unlikely to have a quick installation that can be sampled in an ephemeral CI runner.
Using some types of detections for full testing increases the cost of ownership, where you are either being billed more compute time with GitHub-hosted runners or you are self-hosting and self-administering infrastructure. I have found that unit-level tests are optimal for security technologies, as they have a local binary that can emulate input with minimal or static configuration needs. Unit logic tests and syntax validation are easier to write for security solutions that don't correlate or need too much parsing and external system interpretation. We suggest that newer detection engineering teams should start with EDR and NDR solutions.
Although EDR and NDR detections may seem limited for unit-level validation compared to log and posture checking solutions, they are more practical for local validation with minimal computation, and they are more economical to test than high-traffic and configuration-dependent tests.
When scoping unit-level logic, we can start with basic syntax validation. There are pre-built linting tools for common language formats known to the development community, such as the following:
Language
Linter Name
Link
