Skip to content

AlbinoGazelle/building-a-detection-engine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
osquery
osquery
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
collection.tf
collection.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

Building a Detection Engine

This repository holds the infrastructure to build the Detection Engine I'm in the process of creating in my ongoing "Building a Detection Engine" blog series.
Part 1: What is a Detection Engine?
Part 2: Collection

Usage

Clone Repository

git clone https://github.com/AlbinoGazelle/building-a-detection-engine.git

Update Variables.tf
Update bucket_name and tf_iam_profile in variables.tf to match your environment. bucket_name must be a globally unique S3 bucket name and tf_iam_profile must be the name of an existing set of IAM credentials.

Initialize Terraform

terraform init

Plan Infrastructure

terraform plan

Generate Infrastructure

terraform apply

Destroy Infrastructure

terraform destroy

About

Repository for the Terraform code outlined in my blog series on building a detection engine.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages