| @@ -221,6 +221,18 @@ | ||
| <div class="shead"><span class="idx mono">02</span><h2>Security Labs</h2><span class="rule"></span></div> | ||
| <div class="cards"> | ||
| + | <a class="card" href="https://github.com/zionboggan/detection-as-code"> | |
| + | <div class="thumb"><img loading="lazy" src="assets/detection.png" alt="One Sigma rule compiled to Splunk, Sentinel KQL and Elastic ES|QL"></div> | |
| + | <div class="body"> | |
| + | <h3>Detection-as-Code</h3> | |
| + | <p>Sigma rules mapped to MITRE ATT&CK, linted and tested in CI, and compiled to | |
| + | Splunk, Elastic, and Microsoft Sentinel KQL - one rule, every SIEM. Detection | |
| + | engineering done as a pipeline, not a console click.</p> | |
| + | <div class="tags"><span>Sigma</span><span>Splunk</span><span>Sentinel KQL</span><span>Elastic</span></div> | |
| + | <span class="lnk mono">detection-as-code</span> | |
| + | </div> | |
| + | </a> | |
| + | ||
| <a class="card" href="https://github.com/zionboggan/soc-automation-lab"> | ||
| <div class="thumb"><img loading="lazy" src="assets/soc.png" alt="Wazuh Threat Hunting dashboard with MITRE ATT&CK mapping"></div> | ||
| <div class="body"> |
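Review bot: the ampersands in `ATT&CK` are unescaped in both the new `alt` attribute (`alt="... MITRE ATT&CK ..."` on the detection card's `<img>`) and the new `<p>` body text (`Sigma rules mapped to MITRE ATT&CK`); inside HTML they should be written `ATT&amp;CK` so the markup validates and the text is not at risk of being parsed as a character reference. The existing soc-automation card's `alt` in the unchanged context has the same pattern, so fixing both in this commit keeps the cards consistent. Separately, the `alt` text names the targets as "Splunk, Sentinel KQL and Elastic ES|QL" while the paragraph says "Splunk, Elastic, and Microsoft Sentinel KQL"; aligning the two wordings would avoid readers of assistive technology getting a different description of the same pipeline.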