Description
This is a blog about adopting the composable data systems approach to building threat detection and response platforms, and security in general.
The name of the blog draws from the work presented by Dominique Brezinski and Michael Armbrust at Spark+AI Summit 2018. Their presentation demonstrated using Apache Spark and Delta Lake to build a scalable platform for threat detection and response.
External resources
Blogs, talks, and tools about modern security platforms:
- Detection at Scale - A weekly newsletter by Jack Naglieri, the CTO of Panther
- Scaling Detection and Response Operations at Coinbase (Part 1) - Centralizing contextual information from various log sources and systems to improve alert triage efficiency
- Scaling Detection and Response Operations at Coinbase (Part 2) - Methods for tuning and developing effective detection rules through centralized context
- Scaling Detection and Response Operations at Coinbase (Part 3) - Integrating teams into alert triage and building additional context into detections
- RunReveal Blog - Modern approaches to building SIEMs with detection-as-code, correlated alerting, and automatic enrichments
- Matano - An open source cloud-native security data lake, built for security teams on AWS
- Detection as Code at Datadog - How Datadog implements detection-as-code using infrastructure-as-code principles and CI/CD pipelines