Module 7: Automation, Quality, and Deployment
Build validation pipelines, CI/CD workflows, and API-first deployment — ship detections like software.
Tools: Sigma, Wazuh
3 Lessons, 2 Hands-on Labs
Lessons & Labs
Lesson 7.1 — Building a Validation Pipeline
Syntax checks, semantic validation, MITRE mapping verification, and automated quality gates for detection rules.
Lab 7.1 — Build Quality Gates
Create a validation script that checks Sigma rules for syntax errors, required metadata fields, MITRE mapping, and naming conventions.
Lesson 7.2 — CI/CD for Detection Rules
GitHub Actions workflows, automated testing, deployment gates, and version control for detection-as-code.
Lab 7.2 — CI/CD Pipeline for Detections
Build a GitHub Actions workflow that lints, converts, and validates Sigma rules on every pull request — detection-as-code in practice.
Lesson 7.3 — API-First Rule Deployment
Wazuh Manager API, dry-run concepts, rollback strategies, and programmatic rule management.