A SIEM developer goes fishing in the data lake. What happens next?

7 min readOct 24, 2022

--

TLDR: he misses a flow-based functional processing language.

Before getting into the topic, let me provide you some background and motivation, especially if you are about to embark on the 'Data Lake' wagon aiming at security use cases (SIEM).

The SIEM is not the default gateway for log data

Alex Teixeira

Written by Alex Teixeira

I design and build threat detection models and triage/hunting interfaces for Enterprise #SecOps teams #DetectionEngineering http://opstune.com

More from Alex Teixeira

Alex Teixeira

RATs Race: Detecting remote access tools beyond pattern-based indicators

This is a post to highlight the importance of rich telemetry and how it serves well for strengthening alert signals when coupling static…

11 min readApr 26

--

Alex Teixeira

The dotted lines between Threat Hunting and Detection Engineering

There's no way out, the practices of Detection Engineering and Threat Hunting are becoming utterly important within a Cyber Security…

5 min readFeb 25

--

Alex Teixeira

A Research-Driven process applied to Threat Detection Engineering Inputs

This article is an evolution of a previous one I wrote on Jira Workflows for Detection Engineering teams but more focused on the detection…

4 min readMar 5

--

Alex Teixeira

JIRA workflow for Detection Engineering teams

Threat Detection Engineering practice seems to be evolving. Not only because of easier log management methods and platforms, but because…

4 min readNov 22, 2019

--

See all from Alex Teixeira

Recommended from Medium

Alex Teixeira

Threat Detection Bad Trips: Log Everything!

Alright, this is a public service for SIEM engineers. How many times you've heard that answer when someone asks 'What should be logged?'…

3 min readMar 14

--

The PyCoach
in
Artificial Corner

You’re Using ChatGPT Wrong! Here’s How to Be Ahead of 99% of ChatGPT Users

Master ChatGPT by learning prompt engineering.

7 min readMar 17

--

Lists

Staff Picks

323 stories82 saves

Stories to Help You Level-Up at Work

19 stories51 saves

Self-Improvement 101

20 stories100 saves

Productivity 101

20 stories106 saves

David Matousek
in
Product Cybersecurity

3 Tips for Aligning Business Vision to Cybersecurity Strategy

Leaders want measurable data about cybersecurity’s progress toward creating value aligned to the business vision. They do not necessarily…

6 min readMar 13

--

Adam Goss

The Almighty Pyramid of Pain

Hey friend, welcome back! Today we will be taking a look at “The Pyramid of Pain” and how you can make bad guys cry.

7 min readJan 24

--

Taimur Ijlal

Is the CISSP certification still worth it in 2023 ?

Spoiler alert: yes it is !

5 min readJan 22

--

Taimur Ijlal
in
Towards AI

Will AI replace Cybersecurity jobs ?

Do cybersecurity jobs have a limited lifespan as AI becomes better and better at securing stuff ?

6 min readJan 26

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech