Query Comms: Feb 3 - Feb 7
What’s new in Open Cybersecurity Schema Framework (OCSF) version 1.4.0
OCSF 1.4 has dropped and it is bigger, better...and a lot deeper. Plus, it has drones!!
Key changes, with details in the blog:
Check it out!
FS-ISAC 2025 Americas Spring Summit
We’re excited to have been selected for the FS-ISAC Spring Summit Tempt the Titans program, with our own CISO Neal Bridges talking Query Federated Search with a panel of CISOs in the main hall!
Request a meeting:
FS-ISAC Spring Summit, March 9-12, New Orleans
Don’t miss Neal at 1:40pm on Tuesday the 11th in the Main Hall.
Other upcoming events:
Compliance Week National Conference, April 28 - 30, Washington DC
CISO Neal Bridges speaking
RSA Conference, April 28 - May 1, San Francisco
It’s RSA. We’ll be there. Let’s meet.
ClickHouse Cloud Connector Integrated Into Query Federated Search
SOC Manager: So how’s the merger looking? Do you think we are almost done?
CISO: From my perspective, we are good to go; the longer part is integrations with the shared services and product teams. Big Rocket Co. does make hardware after all; they did not have a huge IT or cybersecurity footprint.
SOC Manager: So what are we doing with their Google Chronicle deployment? Are we going to keep that?
CISO: While it is tempting to do so, I had you folks get off of our last SIEM; it doesn’t make sense to go back. I have been talking with the Data & Analytics team; they have rolled out ClickHouse Cloud. Ever heard of it?
SOC Manager: In passing, maybe. It’s an OLAP database, right?
CISO: Exactly. It’s well suited for near-real-time analytics workloads. Since we have different data volume needs, it would be great if the slower stuff made it to the data lake and the faster stuff into ClickHouse Cloud. We should do a POV. What do you think?
SOC Manager: Yeah, we freed up resources from the M&A side, and we have everything in Query Federated Search. How hard is it to get data in it? Our Detection Engineering team won’t be thrilled.
CISO: Very easy, from what I understand. Writing is quick, and they support DataFrames, so it should be easy to port Parquet over and repurpose the enrichment pipelines your team worked on before Query integrated with MISP.
SOC Manager: Wow, I wonder how many other CISOs know what a DataFrame or OLAP is…
CISO: *Chuckles* I better not say! Anyway, reach out to Query; I bet it’s on their roadmap, knowing them.
[SOME TIME LATER…]
SOC Manager: You were right, Query is actually working on it now. We can probably get on a demo with them to show us how it works and talk through the right fit for the right data.
CISO: Yeah, that would be great. I am working with them on doing a Security Data Operations Workshop. It would be great to talk more strategically about different data volumes and fitting them to the right repos for federation. Hey, what the heck is that?!
SOC Analyst #3: The magic conch says legacy SIEM flees at the sight of high-speed OLAP workloads!
CISO: Uhh…oh right - ahem - ALL HAIL THE MAGIC CONCH!
All SOC: HAIL! HAIL!