diff --git a/pkgs/tools/security/threatest/default.nix b/pkgs/tools/security/threatest/default.nix
new file mode 100644
index 000000000000..8af45fd580de
--- /dev/null
+++ b/pkgs/tools/security/threatest/default.nix
@@ -0,0 +1,26 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "threatest";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = "DataDog";
+    repo = pname;
+    rev = "refs/tags/v${version}";
+    hash = "sha256-ehyE19VGSLykJUOXoYMFr2Y82Bwpj2ZK5//VJybVAtk=";
+  };
+
+  vendorHash = "sha256-vTzgxByZ2BC7nuq/+LJV7LR0KsUxh1EbHFe81PwqCJc=";
+
+  meta = with lib; {
+    description = "Framework for end-to-end testing threat detection rules";
+    homepage = "https://github.com/DataDog/threatest";
+    changelog = "https://github.com/DataDog/threatest/releases/tag/v${version}";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 173dd01288bd..1f3d20f8c7ca 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12033,6 +12033,8 @@ with pkgs;
 
   thinkpad-scripts = python3.pkgs.callPackage ../tools/misc/thinkpad-scripts { };
 
+  threatest = callPackage ../tools/security/threatest {  };
+
   threema-desktop = callPackage ../applications/networking/instant-messengers/threema-desktop { };
 
   tidy-viewer = callPackage ../tools/text/tidy-viewer { };