Question 1

How to build a detection and response pipeline from scratch?

Accepted Answer

The project provides a component-based breakdown and tool lists, but for step-by-step guidance, you'll need to consult external resources linked in the README, like the Detection-as-Code blogs or real-world examples from Apple and Netflix.

Question 2

Best open-source tools for security data pipelines?

Accepted Answer

The data pipeline section lists self-hosted options like Vector for data movement and Kafka for stream processing, but selection depends on your specific needs for scalability, transformation, and deployment environment.

Question 3

Elasticsearch or OpenSearch for detection engineering?

Accepted Answer

Both are listed in the detection engine section; Elasticsearch is commonly used with ElastAlert2, while OpenSearch is an open-source fork with security analytics. Choose based on licensing, community support, and integration requirements.

Question 4

How to automate incident response with n8n or Shuffle?

Accepted Answer

n8n and Shuffle are included in the response orchestration table as workflow automation tools. They can be self-hosted, but for implementation details, you'll need to refer to their official documentation, as this project doesn't cover integration specifics.

Question 5

What tools does Netflix use for their SOC pipeline?

Accepted Answer

According to the real-world examples, Netflix uses Kafka, Apache Spark, Elasticsearch, and Slack for their SOCless detection team, but note that this information is from public blogs and may not be current.

Question 6

Self-hosted vs cloud security tools for detection engineering?

Accepted Answer

The project highlights both, with tools like Tenzir for self-hosted data pipelines and AWS Kinesis for cloud. Decision factors include cost, control, compliance, and scalability, but the list doesn't provide comparative analysis.

Detection and Response Pipeline

What is Detection and Response Pipeline?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions