Learn how GitLab's Signals Engineering team uses our AI platform to automatically surface detection gaps from security incidents — no manual review required.

GitLab is a complete DevOps platform delivered as a single application, offering integrated tools for version control, CI/CD, issue tracking, and collaboration. Users can learn about GitLab's DevOps workflow, CI/CD pipelines, and collaboration features to streamline their software development lifecycle and accelerate delivery.

GitLab

GitLab's Signals Engineering team automated post-incident detection gap analysis using GitLab Duo Agent Platform. The workflow uses two agents: the built-in Security Analyst Agent for quick first-pass reviews, and a custom Detection Engineering Assistant built with a detailed system prompt encoding team-specific context including SIEM log sources, detection philosophy, and MITRE ATT&CK mapping. The custom agent reads closed incident issues and produces structured gap reports with ATT&CK technique IDs, missed detection descriptions, relevant log sources, and recommended detection approaches. Key lessons include treating the system prompt as a living document, improving incident documentation quality, and using the agent as a force multiplier rather than a replacement for human engineers.

Automating detection gap analysis with GitLab Duo Agent Platform

2. Building the Detection Engineering Assistant