Detection Engineering·Mar 22, 2026·11 min read
Detection-as-Code with Cribl, Elastic, and Splunk
Routing pipelines and version-controlled correlation rules turned our detection content from tribal knowledge into something we can test and ship.
Detection content has a nasty habit of living in people's heads. The senior analyst knows why a rule exists; when they leave, the knowledge leaves with them.
Treating detection as code — version-controlled rules with their rationale in the commit history, data-routing pipelines in Cribl, and detection logic that is tested before it ships to Elastic and Splunk — is how you fix that.
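The "tested logic" part is the piece most teams skip, so here is what it looks like in miniature: a rule stored as a file alongside the reason it exists, a detection function that implements it, and a set of fixtures (known true positives and known negatives) that a CI job runs on every change. This is an added example, not code from the original post or from Cribl, Elastic or Splunk; the rule format, the `user=... outcome=...` event format and all sample events are hypothetical and constructed for illustration.

```python
"""Minimal detection-as-code harness: rule file + detection logic + fixtures.

Added example. The rule format, event format and sample events below are
constructed for illustration and are not any vendor's native format.
"""
import json
import re
from dataclasses import dataclass

# Hypothetical rule as it would be committed to the detections repo. The
# 'rationale' field is the point: the reason the rule exists travels with it.
RULE_FILE = """
{
  "id": "auth-failures-then-success",
  "description": "threshold+ failed logins for one user followed by a success inside the window",
  "rationale": "Written after password spraying led to a valid login; owner: detection team",
  "threshold": 5,
  "window_seconds": 300
}
"""


@dataclass
class Rule:
    id: str
    threshold: int
    window_seconds: int


def load_rule(text: str) -> Rule:
    d = json.loads(text)
    return Rule(d["id"], int(d["threshold"]), int(d["window_seconds"]))


# Constructed event format: "<epoch-seconds> user=<name> outcome=<success|failure>"
EVENT_RE = re.compile(r"^(\d+) user=(\S+) outcome=(success|failure)$")


def parse_event(line: str):
    """Return (timestamp, user, outcome) or None for lines that are not auth events."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def detect(rule: Rule, lines) -> set:
    """Return the users that trip the rule. Events are assumed to be in time order."""
    failures = {}  # user -> list of failure timestamps
    hits = set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # non-auth noise is ignored, not treated as an error
        ts, user, outcome = ev
        if outcome == "failure":
            failures.setdefault(user, []).append(ts)
            continue
        # success: count failures for this user that fall inside the window
        recent = [t for t in failures.get(user, []) if ts - t <= rule.window_seconds]
        if len(recent) >= rule.threshold:
            hits.add(user)
    return hits


# Fixtures: name -> (constructed log lines, expected alerting users).
# Negatives matter as much as positives; they catch a rule that gets noisier.
FIXTURES = {
    "spray_then_success": ([
        "1000 user=alice outcome=failure", "1010 user=alice outcome=failure",
        "1020 user=alice outcome=failure", "1030 user=alice outcome=failure",
        "1040 user=alice outcome=failure", "this line is not an auth event",
        "1100 user=alice outcome=success",
    ], {"alice"}),
    "below_threshold": ([
        "1000 user=bob outcome=failure", "1010 user=bob outcome=failure",
        "1020 user=bob outcome=failure", "1030 user=bob outcome=success",
    ], set()),
    "failures_outside_window": ([
        "100 user=carol outcome=failure", "110 user=carol outcome=failure",
        "120 user=carol outcome=failure", "130 user=carol outcome=failure",
        "400 user=carol outcome=failure", "450 user=carol outcome=success",
    ], set()),
    "no_success": ([
        f"{1000 + 10 * i} user=dave outcome=failure" for i in range(5)
    ], set()),
}


def run_fixtures(rule: Rule, fixtures) -> list:
    """CI entry point: return the names of fixtures whose result differs from expected."""
    return sorted(name for name, (lines, expected) in fixtures.items()
                  if detect(rule, lines) != expected)


if __name__ == "__main__":
    failing = run_fixtures(load_rule(RULE_FILE), FIXTURES)
    print("all fixtures pass" if not failing else f"failing fixtures: {failing}")
```

A pipeline that runs `run_fixtures` on every pull request makes the threshold or window change reviewable: lower the threshold and the negative fixtures fail, so the change has to be argued for in the PR rather than discovered as alert volume later. The same fixtures can be replayed through the real Cribl route and the Elastic or Splunk rule to confirm the deployed logic matches the tested one.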