Open Source GitOps for Detection Engineering

Presented at BSidesLV 2023, Aug. 9, 2023, 11:30 a.m. (Unknown duration)

Detection engineering is a key aspect of modern security operations, but implementing effective detection strategies can be complex and time-consuming. This talk will introduce an open-source GitOps framework that enables security teams to manage their detection rules and policies efficiently. GitOps is a methodology that streamlines the management of infrastructure and applications by using configuration files managed in Git as the source of truth. With GitOps, teams can version control their entire detection infrastructure, including detection rules, alerts, and remediation workflows. The open-source GitOps framework we will discuss offers several advantages for detection engineering. First, it allows security teams to collaborate on and manage their detection infrastructure in a more agile and effective manner. Second, it provides greater transparency and auditability, enabling teams to track changes to their detection infrastructure over time. Third, it enables automated deployment of detection rules and policies, reducing the risk of human error and improving the speed of response to security threats. Live demos and configuration samples will be provided to demonstrate the implementation of this framework with osquery, Fleet, and Matano.
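The abstract describes the three pillars of the approach: Git as the source of truth for detection rules, validation before anything reaches production, and automated reconciliation of what is deployed against what the repository says. The following added example (written for this page, not code from the talk, Fleet, osquery, or Matano) sketches that reconciliation loop for osquery-style scheduled queries. It assumes a hypothetical layout where each rule is a JSON file under `rules/` in the repo and where the "live" state is a dictionary of rules the deployment target currently runs; both the repo contents and the live state are constructed inline, and the osquery table names used in the sample queries are real tables but the rules themselves are illustrative.

```python
"""GitOps-style validation and reconciliation of osquery detection rules.

Added example: Git checkout -> validate -> plan (create/update/delete) -> apply.
The JSON rule format and the in-memory "live state" are assumptions made for
this illustration; they are not Fleet's or osquery's real configuration format.
"""
import hashlib
import json
from dataclasses import asdict, dataclass

REQUIRED_FIELDS = ("name", "query", "platform", "interval")
ALLOWED_PLATFORMS = {"darwin", "linux", "windows"}
MIN_INTERVAL, MAX_INTERVAL = 60, 86400  # seconds; hypothetical policy bounds


@dataclass(frozen=True)
class Rule:
    name: str
    query: str
    platform: str
    interval: int
    description: str = ""

    def digest(self) -> str:
        # Stable content hash of the rule; used to detect drift between the
        # version in Git and the version currently deployed (auditability).
        canonical = json.dumps(asdict(self), sort_keys=True)
        return hashlib.sha256(canonical.encode()).hexdigest()[:12]


def validate_rule(raw: dict) -> Rule:
    """CI-style checks that run before a rule may be merged or deployed."""
    missing = [f for f in REQUIRED_FIELDS if f not in raw]
    if missing:
        raise ValueError(f"{raw.get('name', '<unnamed>')}: missing {missing}")
    query = raw["query"].strip()
    # osquery scheduled queries are read-only SELECTs; anything else is a mistake.
    if not query.lower().startswith("select"):
        raise ValueError(f"{raw['name']}: query must be a SELECT statement")
    if raw["platform"] not in ALLOWED_PLATFORMS:
        raise ValueError(f"{raw['name']}: unknown platform {raw['platform']!r}")
    interval = int(raw["interval"])
    if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
        raise ValueError(f"{raw['name']}: interval {interval}s outside policy bounds")
    return Rule(raw["name"], query, raw["platform"], interval, raw.get("description", ""))


def load_rules(repo_files: dict) -> dict:
    """Desired state: every rule file in the Git checkout, keyed by rule name."""
    rules = {}
    for path, text in sorted(repo_files.items()):
        rule = validate_rule(json.loads(text))
        if rule.name in rules:
            raise ValueError(f"{path}: duplicate rule name {rule.name!r}")
        rules[rule.name] = rule
    return rules


def plan(desired: dict, live: dict) -> dict:
    """Diff desired (Git) against live (deployed) state into an explicit change set."""
    return {
        "create": sorted(n for n in desired if n not in live),
        "update": sorted(n for n in desired if n in live
                         and desired[n].digest() != live[n].digest()),
        "delete": sorted(n for n in live if n not in desired),
    }


def apply_plan(change_set: dict, desired: dict, live: dict) -> dict:
    """Return the new live state; a real deployer would call the target's API here."""
    new_live = dict(live)
    for name in change_set["delete"]:
        del new_live[name]
    for name in change_set["create"] + change_set["update"]:
        new_live[name] = desired[name]
    return new_live


# Constructed sample repo contents (hypothetical rule files).
REPO_FILES = {
    "rules/ssh_authorized_keys.json": json.dumps({
        "name": "ssh_authorized_keys",
        "query": "SELECT uid, key_file, key FROM authorized_keys;",
        "platform": "linux", "interval": 3600,
        "description": "Inventory authorized_keys entries for later baselining",
    }),
    "rules/launchd_items.json": json.dumps({
        "name": "launchd_items",
        "query": "SELECT name, path, program FROM launchd WHERE run_at_load = 1;",
        "platform": "darwin", "interval": 3600,
    }),
}

# Constructed sample live state: one stale rule, one rule no longer in Git.
LIVE_STATE = {
    "ssh_authorized_keys": Rule("ssh_authorized_keys",
                                "SELECT uid, key FROM authorized_keys;", "linux", 3600),
    "legacy_rule": Rule("legacy_rule", "SELECT * FROM processes;", "linux", 600),
}

if __name__ == "__main__":
    desired = load_rules(REPO_FILES)
    print(json.dumps(plan(desired, LIVE_STATE), indent=2))
```

Running the module prints the change set a deployment job would apply: `launchd_items` is created, `ssh_authorized_keys` is updated because its content hash differs from the deployed copy, and `legacy_rule` is removed because nothing in Git declares it. Keeping the plan as an explicit artifact is what makes the Git history an audit trail of the deployed detections rather than just of the files.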

Presenters:

  • Zach Wasserman
    Zach Wasserman is the co-founder & CTO at Fleet Device Management where he leads the team in bringing open source solutions to security and IT teams. He is also a co-creator of osquery and member of the technical steering committee. If it weren't August in Vegas, he'd be out climbing at Red Rock Canyon.