EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
11 snips Jun 23, 2025
David French, a Staff Adoption Engineer at Google Cloud, dives into the intriguing world of 'detection as code.' He clarifies what the term actually means and what it offers security teams, discussing how a software engineering approach can improve the detection process. Topics include the significance of robust testing methods, the challenges of working with limited API support, and the importance of standardizing detection rules. French also advocates collaborative sharing of detection content, and argues that the line between traditional alert handling and an engineering mindset is blurring.
AI Snips
Detection as Code Defined
- Detection as code applies software engineering principles to managing detection content effectively.
- It uses code repositories and CI/CD pipelines to enforce testing and review before deployment.
Manage Detection Like Prevention
- Treat detection content with change control and review like preventative controls.
- Centralize detection rules to improve coverage, document knowledge, and reduce errors.
Code Practice Over Coding Language
- Detection as code focuses more on disciplined management and orchestration than actual coding.
- Not all detection work requires coding in languages like Python; software engineering practices matter more.
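As an added illustration of the three snips above (rules as data in a repository, a CI gate that enforces testing and review before deployment, and a standard metadata shape for every rule), the following Python is an example written for this page; it is not code from the podcast, from Google, or from any SIEM product. Rule names, field names, the required-metadata list and the sample events are all constructed for the example, and the matching logic (a regex per field, all of which must match) stands in for whatever query language a real platform uses.

```python
"""Minimal detection-as-code harness (added example, not the podcast's code).

Rules are plain data, each shipped with sample events that must and must not
alert.  validate()/ci_check() are the review gate a pipeline would run on every
pull request; run_rules() is the deployment-time evaluator.
"""
import re
from dataclasses import dataclass, field

# Metadata every rule must carry: a constructed standard for this example.
REQUIRED_FIELDS = ("id", "title", "severity", "description", "logic")
SEVERITIES = {"low", "medium", "high", "critical"}


@dataclass
class Rule:
    """A detection rule as data: matching logic plus the samples that test it."""
    id: str
    title: str
    severity: str
    description: str
    logic: dict                                          # field -> regex, AND of all
    true_positives: list = field(default_factory=list)   # events that MUST alert
    true_negatives: list = field(default_factory=list)   # events that must NOT alert


def matches(rule: Rule, event: dict) -> bool:
    """Return True when every field pattern in rule.logic matches the event."""
    for fld, pattern in rule.logic.items():
        value = event.get(fld)
        if value is None or not re.search(pattern, str(value)):
            return False
    return True


def validate(rule: Rule) -> list:
    """Review checks for one rule; an empty list means it may be deployed."""
    problems = []
    for fld in REQUIRED_FIELDS:
        if not getattr(rule, fld):
            problems.append(f"{rule.id or '<no id>'}: missing {fld}")
    if rule.severity not in SEVERITIES:
        problems.append(f"{rule.id}: severity {rule.severity!r} not in {sorted(SEVERITIES)}")
    regex_ok = True
    for fld, pattern in rule.logic.items():
        try:
            re.compile(pattern)
        except re.error as exc:
            regex_ok = False
            problems.append(f"{rule.id}: bad regex for {fld}: {exc}")
    if not rule.true_positives:
        problems.append(f"{rule.id}: no true-positive sample")
    if not rule.true_negatives:
        problems.append(f"{rule.id}: no true-negative sample")
    if regex_ok:  # only exercise the logic once we know the patterns compile
        for ev in rule.true_positives:
            if not matches(rule, ev):
                problems.append(f"{rule.id}: true-positive sample did not alert: {ev}")
        for ev in rule.true_negatives:
            if matches(rule, ev):
                problems.append(f"{rule.id}: true-negative sample alerted: {ev}")
    return problems


def ci_check(rules) -> dict:
    """Repository-wide gate: rule id -> problems, listing only rules that fail."""
    return {r.id: validate(r) for r in rules if validate(r)}


def run_rules(rules, events) -> list:
    """Evaluate deployed rules over events; returns (rule id, event) pairs that alert."""
    return [(r.id, ev) for r in rules for ev in events if matches(r, ev)]


# --- Constructed sample content (not real telemetry or vendor rules) ---
GOOD_RULE = Rule(
    id="CONSOLE-LOGIN-NO-MFA",
    title="Console login without MFA",
    severity="high",
    description="Interactive console sign-in where the MFA flag is not set.",
    logic={"event_name": r"^ConsoleLogin$", "mfa_used": r"^(no|false)$"},
    true_positives=[{"event_name": "ConsoleLogin", "mfa_used": "no", "user": "alice"}],
    true_negatives=[
        {"event_name": "ConsoleLogin", "mfa_used": "yes", "user": "bob"},
        {"event_name": "ListBuckets", "mfa_used": "no", "user": "svc-backup"},
    ],
)

# Deliberately fails review: missing description, non-standard severity, and a
# pattern so broad that a benign sample alerts (the regression the test catches).
BAD_RULE = Rule(
    id="ROOT-ACTIVITY",
    title="Any root activity",
    severity="urgent",
    description="",
    logic={"user": r"root"},
    true_positives=[{"event_name": "CreateUser", "user": "root"}],
    true_negatives=[{"event_name": "DescribeInstances", "user": "rootkit-scanner"}],
)

SAMPLE_EVENTS = [  # constructed log events a deployed rule set would see
    {"event_name": "ConsoleLogin", "mfa_used": "no", "user": "alice"},
    {"event_name": "ConsoleLogin", "mfa_used": "yes", "user": "bob"},
    {"event_name": "PutObject", "mfa_used": "yes", "user": "ci-deployer"},
]

if __name__ == "__main__":
    report = ci_check([GOOD_RULE, BAD_RULE])
    for rule_id, problems in report.items():
        print(f"BLOCKED {rule_id}:")
        for p in problems:
            print("  -", p)
    deployable = [r for r in (GOOD_RULE, BAD_RULE) if r.id not in report]
    for rule_id, ev in run_rules(deployable, SAMPLE_EVENTS):
        print(f"ALERT {rule_id}: {ev}")
```

Run as a script, the harness blocks ROOT-ACTIVITY with three review findings and lets CONSOLE-LOGIN-NO-MFA through, which then alerts on the single no-MFA login in the sample events. The point of the structure is that the true-positive and true-negative samples live in the repository next to the rule: a pull request that loosens a pattern fails the same job as one that breaks a required field, so review and regression testing happen before anything reaches production, exactly the change control the snips describe for preventative controls.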