The practice of treating SIEM detection rules as code: versioned, tested, deployed via CI.
Detection-as-Code applies software engineering practices (source control, code review, automated tests, CI/CD) to SIEM detection rules. Rules live in a git repository, changes go through pull requests with peer review, and a deployment pipeline pushes them to the production SIEM.
The benefits over click-ops rule editing are auditability (who changed what when), reproducibility (same rule deploys the same way to dev / staging / prod), and the ability to test rules against synthetic data before they go live. CloudSigma is built on this premise.