Generally, we do not see a full dev/prod deployment just for testing detections. Most teams rely on the unit testing built into the UI or the panther_analysis_tool
to ensure their detections are working properly. One thing we have seen is when new detections are written their destination is set to a specific “dev” destination (e.g. a slack channel that is muted or a dummy email that no one watches). Then after a few days, you can go check to see if it would have alerted on anything, and if so to a reasonable degree.