Detection Rules

SIEM detection rules and tuning

Detection rules

Author, test, and operate detection logic across log sources. Rules run continuously against ingested telemetry and emit alerts when triggered.
