Advanced ~24 hours

Detection Rules Library (Sigma)

Build a library of Sigma detection rules for AWS/cloud and ship them as detection-as-code with tests.

Sigma · Splunk or Elastic · Python for tests · GitHub Actions

About this project

Detection engineering is the modern SOC discipline. This project teaches: log source modeling, rule writing in Sigma (vendor-neutral), test-driven detection development, and CI for detection content. Build 15+ rules covering AWS, Azure, or GCP threat patterns, with unit tests against simulated log events.
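As an added illustration of the test-driven workflow described above (not code from the project brief), here is a minimal harness that evaluates one Sigma-style AWS CloudTrail rule against constructed log events. The rule is shown in its parsed form (what PyYAML would return for the rule file), the file path in the comment is hypothetical, and the matcher deliberately supports only the Sigma subset needed for such a unit test: field equality, list values (OR), and a `selection and not filter` condition.

```python
# Added example: a tiny test harness for a Sigma-style rule over constructed
# AWS CloudTrail events. Not the project's code; supports a subset of Sigma.
from typing import Any

# Parsed form of a rule like rules/aws_cloudtrail_logging_disabled.yml (hypothetical path)
RULE = {
    "title": "AWS CloudTrail Logging Disabled",
    "logsource": {"product": "aws", "service": "cloudtrail"},
    "detection": {
        "selection": {
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": ["StopLogging", "DeleteTrail", "UpdateTrail"],
        },
        "filter": {"userIdentity.type": "AWSService"},  # drop AWS-internal changes
        "condition": "selection and not filter",
    },
    "level": "high",
}

def get_field(event: dict, dotted: str) -> Any:
    """Resolve a dotted Sigma field name (userIdentity.type) against a nested event."""
    cur: Any = event
    for part in dotted.split("."):
        if not isinstance(cur, dict):
            return None
        cur = cur.get(part)
    return cur

def block_matches(block: dict, event: dict) -> bool:
    """Every field in a detection block must match (AND); a list value is an OR."""
    for field, expected in block.items():
        values = expected if isinstance(expected, list) else [expected]
        if get_field(event, field) not in values:
            return False
    return True

def rule_matches(rule: dict, event: dict) -> bool:
    """Evaluate the rule's condition; only the two forms used here are supported."""
    det, cond = rule["detection"], rule["detection"]["condition"]
    if cond == "selection":
        return block_matches(det["selection"], event)
    if cond == "selection and not filter":
        return block_matches(det["selection"], event) and not block_matches(det["filter"], event)
    raise NotImplementedError(f"condition not supported by this harness: {cond}")

# Constructed CloudTrail events used as test fixtures (not real log data)
TRUE_POSITIVE = {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
                 "userIdentity": {"type": "IAMUser", "userName": "alice"}}
SERVICE_NOISE = {"eventSource": "cloudtrail.amazonaws.com", "eventName": "UpdateTrail",
                 "userIdentity": {"type": "AWSService"}}
BENIGN = {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
          "userIdentity": {"type": "IAMUser"}}

def run_tests() -> dict:
    """Match result per labelled fixture, the values a rule's unit test asserts on."""
    return {name: rule_matches(RULE, ev) for name, ev in
            [("true_positive", TRUE_POSITIVE), ("service_noise", SERVICE_NOISE), ("benign", BENIGN)]}
```

In a CI job the same pattern generalizes: each rule file ships with a fixtures directory of events labelled as expected matches and non-matches, and the job fails when any label disagrees with the matcher.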

Why build this in 2026?

Detection-as-code is the modern SOC pattern. Engineers who do this well are heavily recruited.

What you'll ship

  • GitHub repo with 15+ rules
  • CI that runs rule tests
  • Documentation per rule


Skills you'll practice

security · python · siem