The Always-On Purple Team: An Automated CI/CD for Detection Engineering

Posted on in Presentations

These speakers will share tips on building the always-on purple team! This session will present an innovative architecture that merges industry-leading SOC technologies, SIEM/XDR, SOAR, BAS, and a pinch of ChatGPT. The result is a detection engineering CI/CD pipeline that can automatically create, test, and deploy detection analytics. The proof is in the pudding: Live demo included!

Stephen Sims


Offensive Operations Curriculum Lead and Fellow, SANS Institute

Erik Van Buggenhout


Director, NVISO & SANS Institute

Share With Your Community