Detection Rules as Code

Collaborate on, review, and continuously test detection rules.

What is detection rules as code?

Users can define detection rules in YAML files and manage them in GitHub. This allows teams to collaborate on detection rules and review changes.

Scanner provides a GitHub integration for syncing detection rules. Users can connect their GitHub repositories to Scanner, and Scanner will automatically sync detection rules from those repositories.

Scanner's detection rules as code feature also allows tests to be specified in the YAML files alongside the rules. Scanner runs these tests, and they must pass before the detection rules are synced.

To get started, see Getting Started.
