Blogs
November 6, 2024 / December 13, 2024 by Jonathan Rau
Map stuff real good, by the Query SecDataOps Goons. Introduction: The Open Cybersecurity Schema Framework (OCSF) is an open-source and collaborative effort across the industry to define a vendor- and platform-agnostic schema for security and IT observability data. It has been contributed to by Query, Amazon Web Services (AWS), Splunk, Cisco, Crowdstrike, and several dozen […]
September 25, 2024 / September 26, 2024 by Jonathan Rau
Introduction: Amazon Web Services (AWS) Transit Gateway (TGW) is an AWS service that acts as a highly scalable cloud network router. Released in November 2018, TGW allows you to connect many different Amazon Virtual Private Clouds (VPCs), AWS Direct Connect (DX) Gateways, and AWS Site-to-Site VPNs together in a centralized hub. This greatly simplifies hybrid and […]
September 18, 2024 / September 25, 2024 by Jonathan Rau
Introduction: The most effective Security Operations (SecOps) teams are those who harness and operationalize their data. This Security Data Operations (SecDataOps) process is long and fraught with pitfalls and dogmatic debates over data repositories, making it far too easy to become stuck and unsure where to progress. The easiest way to start is with Exploratory […]
June 11, 2024 / June 11, 2024 by Jonathan Rau
Today, Query is announcing and making available as an open source tool, Query Open Pipeline (QOP). Query Open Pipeline will initially have support for CrowdStrike Falcon Data Replicator. QOP is an AWS native data mobility solution. It allows CrowdStrike Falcon Data Replicator ETL into the Amazon Security Lake, which provides automatic partitioning, format conversion, and […]
March 11, 2024 / March 12, 2024 by Jonathan Rau
Partitioning your data is one of the most important things you can do to improve the query performance of your data lake in Amazon S3. When building tables in AWS Glue Data Catalog and querying with Amazon Athena, as your data volumes grow, so do your query wait times. In this blog you will learn how […]
February 19, 2024 / May 2, 2024 by Jonathan Rau
Data exhaust is increasing exponentially, and the variety and volume of this data have shown no indication of slowing down. Even the lowly Ubuntu OS or a simple containerized workload running in Kubernetes can produce all sorts of user, system, infrastructure, authentication, and networking logs. This data increase necessitates that security teams become SecDataOps teams. By using […]
November 14, 2023 / November 6, 2024 by Jonathan Rau
Public cloud and networking make for odd bedfellows. Cloud networking is not just the virtualization of networking. In traditional setups, appliances and network taps are used to monitor traffic, but in cloud environments, this is virtualized, making direct monitoring more complex. At the OSI Layers 1 through 4 you’d be able to directly tap appliances […]