kyrrewk·قبل سنتين·discussthis is cool! wish there was a commerical product that did this. marimo does something similar, but you have to do the deployment yourself
kyrrewk·قبل 5 سنوات·discussa detection is typically a rule that describes known bad or suspicious behaviour. all simple rule would just be a list of malware hashes or domain namesso instead of writing rules using tools such as YARA: https://github.com/fireeye/sunburst_countermeasures/blob/mai... (sunburst) they want to write them in python
kyrrewk·قبل 5 سنوات·discusspanther looks very interestingi'm trying to evaluate solutions in this space and these are the ones i am aware of: chronicle security, panther and graplotherwise i have seen teams build their custom platform using databricks (apple did this), snowflake, or some other cloud-native data warehouse/lakeany others around?