How to Build a Threat Detection Pipeline from Scratch (Like a Cyber Ninja!)
Summary
A threat detection pipeline can be likened to a surveillance system for devices in a digital kingdom, says the author of the article.
Such a pipeline takes logs in, analyses them, raises alerts where necessary, and can even trigger automatic responses to potential threats.
This is not magic, but building a fully operational threat detection pipeline from scratch is a complex and extensive undertaking.
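To make the four stages concrete, here is a small end-to-end pipeline written for this summary. It is added illustration, not code from the article or from any framework the article uses: it ingests constructed syslog-style SSH authentication lines, analyses them with a sliding window to spot repeated failed logins from one source, emits alert records, and applies an automated response by adding the source to a blocklist. The log format, the threshold of five failures, and the one-minute window are assumptions chosen for the example.

```python
"""Minimal threat detection pipeline: ingest -> analyse -> alert -> respond.

Added example for this summary; not the article's code nor any framework's.
The log lines are constructed, and the regex, threshold and window are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines in an assumed syslog-like format.
SAMPLE_LOGS = """\
2024-01-15T10:00:01 sshd: Failed password for root from 203.0.113.7
2024-01-15T10:00:05 sshd: Failed password for admin from 203.0.113.7
2024-01-15T10:00:09 sshd: Failed password for root from 203.0.113.7
2024-01-15T10:00:12 sshd: Failed password for root from 203.0.113.7
2024-01-15T10:00:15 sshd: Failed password for guest from 203.0.113.7
2024-01-15T10:00:20 sshd: Accepted password for alice from 198.51.100.4
2024-01-15T10:05:00 sshd: Failed password for root from 198.51.100.9
2024-01-15T10:30:00 sshd: Failed password for root from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>[\d.]+)$"
)


def ingest(raw):
    """Stage 1: parse raw lines into structured events; unparseable lines are skipped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def analyse(events, threshold=5, window=timedelta(minutes=1)):
    """Stage 2: flag a source once it reaches `threshold` failures inside `window`."""
    recent = defaultdict(deque)   # per-source timestamps of recent failures
    alerted = set()               # alert once per source, not on every later failure
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            findings.append({"src": ev["src"], "count": len(q), "last_seen": ev["ts"]})
    return findings


def alert(findings):
    """Stage 3: turn findings into human-readable alert records."""
    return [
        f"ALERT brute-force suspected from {f['src']}: "
        f"{f['count']} failures, last at {f['last_seen'].isoformat()}"
        for f in findings
    ]


def respond(findings, blocklist=None):
    """Stage 4: automated response - record offending sources in a blocklist set."""
    blocklist = set() if blocklist is None else blocklist
    for f in findings:
        blocklist.add(f["src"])
    return blocklist


def run_pipeline(raw):
    """Run all four stages over raw log text and return alerts plus the blocklist."""
    findings = analyse(ingest(raw))
    return {"alerts": alert(findings), "blocklist": respond(findings)}


if __name__ == "__main__":
    out = run_pipeline(SAMPLE_LOGS)
    for a in out["alerts"]:
        print(a)
    print("blocked:", sorted(out["blocklist"]))
```

The two sources with a single failure each, and the one with two failures spread 25 minutes apart, stay below the threshold; only the source with five failures inside one minute produces an alert and lands on the blocklist. In a real deployment the respond stage would feed a firewall or identity-provider API rather than an in-memory set, and the threshold would be tuned against normal failure rates to keep false positives low.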
This article intends to give an understanding of how this is done.
To do this, the author explains the use of vernals, a high-level modular framework which allows for the visualisation and pipelining of data.
After an explanation of the installation and use of vernals, the author then suggests ways of expanding the framework to cater for more sophisticated logging mechanisms.
The conclusion is that building a threat detection pipeline is intricate and requires a systematic, logical approach together with a good knowledge of Python and security testing.