Category: Use Case

Sessionize Heterogeneous Event Types With This One Weird Trick

Context makes all of the difference for alert disposition and adjudication. Having all related events readily available shortens the decision cycle and eases the cognitive load associated with finding sufficient evidence to inform judgement. I have already discussed how important it is to front-load event processing inside the utility stack, but have not shown how you can connect those two goals to make it possible.

How I Learned to Stop Worrying and Love the community_id

Analysts typically rely on comparisons of equality (or approximate equality) for stitching more than one record together to form context around an…

Leaky Secrets in Git - Instrumentation and Response

How Bad Can it git?

A recent research paper described a rigorous empirical study on the rate at which secrets (cryptographic keys, API credentials, etc.) are inadvertently leaked through SCM (source code management) tools to GitHub. The numbers they found were alarming. The research team identified hundreds of thousands of secrets in the public GitHub BigQuery dataset using simple search techniques. Additionally, they identified thousands of secrets per day using automated searches against the GitHub API.

How Does this Happen? Mistaken Beliefs and Improper Usage

Developers, operators, and administrators can often misjudge the level of exposure that…