Community Webinar: IaC For Threat Detection: Operationalizing OSINT Into Google SecOps Rules
Join us in this webinar to discover how to rapidly close the gap between receiving FBI threat intelligence and deploying effective defenses. This session demonstrates a complete workflow for transforming open-source FLASH reports into production-ready SecOps detection rules using Infrastructure as Code (Terraform). Through a real-world case study of the UNC6040/UNC6395 Salesforce compromise, you will learn to treat security detections as scalable software artifacts, significantly reducing operationalization time from days to hours while ensuring consistency across your environments.
Topics Covered
- Operationalizing Threat Intel: The complete end-to-end workflow for transforming FBI FLASH reports into active SecOps detection rules.
- Infrastructure as Code (IaC) for Security: Strategies for deploying detections via Terraform to scale defenses and prevent configuration drift.
- Real-World Case Study: A practical walkthrough of detecting the recent UNC6040/UNC6395 Salesforce compromise campaign.
- Detection Engineering Deep Dive:
  - Systematic extraction and categorization of IOCs and TTPs.
  - Building effective behavioral detection logic.
  - Overcoming technical challenges in YARA-L, such as handling repeated fields.
- Terraform Management: Best practices for configuring SecOps resources, managing rule dependencies, and updating reference lists programmatically.
- Rapid Deployment Methodologies: Techniques using reusable modules to reduce threat intel operationalization time from days to hours.
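As an added illustration of the first two steps listed above (IOC extraction and categorization, then feeding reference lists programmatically), the following Python script is not from the webinar or from Google's tooling. It refangs a constructed FLASH-style excerpt, extracts and categorizes indicators, and shapes them as a JSON variable that a Terraform module could consume when populating reference lists. The report text, every indicator value, the list-name prefix and the `reference_lists` variable layout are all assumptions for the example; the actual Google SecOps Terraform resource schema is not shown.

```python
"""Extract and categorize IOCs from a FLASH-style report excerpt.

Constructed example: the excerpt and every indicator in it are made up
(RFC 5737 test addresses, example.* domains, a random-looking hash) and
are not taken from any real FBI FLASH report.
"""
import ipaddress
import json
import re

# Constructed excerpt in the defanged style threat reports use (hxxp, [.], [@]).
SAMPLE_REPORT = """
The actors authenticated to victim tenants from 198[.]51[.]100[.]23 and
203[.]0[.]113[.]7 and staged tooling at hxxps://updates-cdn[.]example[.]net/app.
A loader with SHA-256
3f786850e387550fdab836ed7e6dc881de23001b6dba9a6a6c0a7a6c7d1e2f3a was observed.
Phishing mail came from support[@]helpdesk-portal[.]example[.]org.
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[a-zA-Z]{2,}\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+")
# Alphabetic TLD requirement keeps dotted-quad IPs out of the domain bucket.
DOMAIN_RE = re.compile(r"\b(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}\b")

KINDS = ("ipv4", "domain", "url", "email", "sha256")


def refang(text: str) -> str:
    """Reverse the common defanging conventions so indicators match as written."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    text = text.replace("[@]", "@")
    text = re.sub(r"\bhxxps?://", lambda m: m.group(0).replace("hxxp", "http"), text)
    return text


def extract_iocs(report: str) -> dict[str, list[str]]:
    """Return de-duplicated, sorted indicators grouped by kind."""
    text = refang(report)
    found: dict[str, set[str]] = {kind: set() for kind in KINDS}

    for ip in IPV4_RE.findall(text):
        try:
            ipaddress.ip_address(ip)  # drops malformed quads such as 999.1.1.1
        except ValueError:
            continue
        found["ipv4"].add(ip)

    found["sha256"].update(h.lower() for h in SHA256_RE.findall(text))
    found["email"].update(e.lower() for e in EMAIL_RE.findall(text))
    # Strip trailing sentence punctuation that the URL pattern swallows.
    found["url"].update(u.rstrip(".,;)") for u in URL_RE.findall(text))
    found["domain"].update(d.lower() for d in DOMAIN_RE.findall(text))

    return {kind: sorted(values) for kind, values in found.items()}


def to_reference_lists(iocs: dict[str, list[str]], prefix: str = "flash_sample") -> dict[str, list[str]]:
    """Map each non-empty IOC kind to a reference-list name (naming scheme assumed)."""
    return {f"{prefix}_{kind}": values for kind, values in iocs.items() if values}


def to_tfvars_json(iocs: dict[str, list[str]], prefix: str = "flash_sample") -> str:
    """Emit a JSON document shaped as an assumed `reference_lists` Terraform variable."""
    return json.dumps({"reference_lists": to_reference_lists(iocs, prefix)}, indent=2)


if __name__ == "__main__":
    print(to_tfvars_json(extract_iocs(SAMPLE_REPORT)))
```

Keeping the extraction and the variable shaping as separate functions means the parser can be unit-tested against new report excerpts without touching the Terraform-facing output, which is the property that makes detections manageable as versioned software artifacts rather than hand-pasted lists.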