Validating network security alerting pipeline using synthetic network security events
Abstract:
A system for testing the alerting pipeline of a security network can include a synthetics computing device, a network analysis computing device, and an alerting computing device. The synthetics computing device can generate a synthetic event (a non-malicious version of an actual security event) to test one or more detection signatures of the security network, and inject the synthetic event into a network log of events. The network analysis computing device can scan the network log of events, identify an event that triggers a detection signature of the security network, identify that event as the injected synthetic event, and generate a notification identifying the synthetic event and the detection signature it triggered. The alerting computing device can receive the notification and flag the synthetic event. The synthetics computing device can then validate the flagged synthetic event, confirming that the injected event was detected, reported and flagged end to end.
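The closed loop the abstract describes (generate a benign look-alike, inject it into the log, let the analysis stage detect it and recognise it as synthetic, have the alerting stage flag it, then check that every injected event came back) can be simulated in a few dozen lines. The following is an added example written for this page, not code from the patent or its assignee. The signature names, event fields, shared key and the HMAC-based synthetic marker are all assumptions; in particular the abstract does not say how the analysis device recognises a synthetic event, and the HMAC tag is one way to do it that an attacker cannot forge to get a real event suppressed as "synthetic". One signature is deliberately mis-specified so the validation step has something to report.

```python
"""Closed-loop validation of an alerting pipeline with synthetic events.

Added example (not from the patent text): an in-memory simulation of the three
roles in the abstract: synthetics device, network analysis device, alerting
device. Names, fields, signatures and the HMAC tag are illustrative assumptions.
"""
import base64
import hashlib
import hmac
import json
import uuid

# Assumption: key shared out of band between the synthetics and analysis devices,
# so only the synthetics device can mint a tag the analysis device will trust.
SHARED_KEY = b"example-shared-key-rotate-me"

# Assumed detection signatures: each maps a name to a predicate over one event.
# "sig_reverse_shell" is deliberately broken (wrong port) to show how the loop
# surfaces a detection that silently stopped firing.
SIGNATURES = {
    "sig_encoded_powershell": lambda e: e.get("type") == "process"
        and "powershell" in e.get("cmdline", "").lower()
        and " -enc " in e.get("cmdline", "").lower(),
    "sig_auth_brute_force": lambda e: e.get("type") == "auth"
        and e.get("result") == "fail" and e.get("fail_count", 0) >= 10,
    "sig_reverse_shell": lambda e: e.get("type") == "netconn"
        and e.get("dst_port") == 4445,  # bug: the synthetic (and real C2) uses 4444
}


def _tag(event):
    """HMAC over the canonical event body, excluding the tag field itself."""
    body = {k: v for k, v in event.items() if k != "synthetic_tag"}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class SyntheticsDevice:
    """Generates benign look-alikes of real attacks, injects them, validates."""

    def __init__(self):
        self.expected = {}  # event id -> signature the synthetic should trigger

    def generate(self, signature):
        event_id = str(uuid.uuid4())
        if signature == "sig_encoded_powershell":
            # Encoded command is harmless: it only writes a marker string.
            harmless = base64.b64encode("Write-Output synthetic-test".encode("utf-16le")).decode()
            event = {"id": event_id, "type": "process", "host": "ws-01",
                     "cmdline": f"powershell.exe -enc {harmless}"}
        elif signature == "sig_auth_brute_force":
            event = {"id": event_id, "type": "auth", "host": "dc-01",
                     "user": "svc-synthetic", "result": "fail", "fail_count": 12}
        elif signature == "sig_reverse_shell":
            event = {"id": event_id, "type": "netconn", "host": "ws-01",
                     "dst_ip": "192.0.2.10", "dst_port": 4444}  # TEST-NET-1, never routed
        else:
            raise ValueError(f"no synthetic template for {signature}")
        event["synthetic_tag"] = _tag(event)
        self.expected[event_id] = signature
        return event

    def inject(self, log, event):
        log.append(event)

    def validate(self, flagged):
        """Return the signatures whose synthetic never came back flagged."""
        seen = {(f["event_id"], f["signature"]) for f in flagged}
        return sorted(sig for eid, sig in self.expected.items() if (eid, sig) not in seen)


class NetworkAnalysisDevice:
    """Scans the log, runs signatures, and tells synthetic hits from real ones."""

    def is_synthetic(self, event):
        tag = event.get("synthetic_tag")
        return tag is not None and hmac.compare_digest(tag, _tag(event))

    def scan(self, log):
        for event in log:
            for name, matches in SIGNATURES.items():
                if matches(event):
                    yield {"event_id": event["id"], "signature": name,
                           "synthetic": self.is_synthetic(event)}


class AlertingDevice:
    """Flags synthetic hits for validation; everything else is a real alert."""

    def __init__(self):
        self.flagged, self.real_alerts = [], []

    def receive(self, notification):
        (self.flagged if notification["synthetic"] else self.real_alerts).append(notification)


def run_validation():
    log = []
    synth, analysis, alerting = SyntheticsDevice(), NetworkAnalysisDevice(), AlertingDevice()
    for sig in SIGNATURES:
        synth.inject(log, synth.generate(sig))
    # Constructed "real" event: an attacker launches encoded PowerShell and forges
    # the tag field hoping the hit is written off as synthetic. The HMAC rejects it.
    log.append({"id": "real-1", "type": "process", "host": "ws-02",
                "cmdline": "powershell.exe -enc QQBCAEMA", "synthetic_tag": "deadbeef"})
    for note in analysis.scan(log):
        alerting.receive(note)
    return {"dead_signatures": synth.validate(alerting.flagged),
            "synthetic_flagged": len(alerting.flagged),
            "real_alerts": [n["event_id"] for n in alerting.real_alerts]}


if __name__ == "__main__":
    print(run_validation())
```

Running it reports `sig_reverse_shell` as dead (its synthetic was injected but never flagged), two synthetics flagged, and the forged event raised as a real alert. The design point worth keeping from this toy: the marker that separates synthetic from real must be something only the synthetics side can produce, otherwise the suppression path for synthetics becomes an evasion path for attackers.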