Databricks, profile picture
Uploaded byDatabricks
PDF, PPTX530 views

Enancing Threat Detection with Big Data and AI

The document discusses enhancing threat detection using big data and AI, highlighting Apache Spark's capabilities in stream processing, data handling, and machine learning applications. It emphasizes the importance of big data in AI and security, identifying challenges such as data quality and scalability. The presentation covers practical use cases, such as DNS exfiltration detection, and introduces a delta architecture for reporting and analytics.

Embed presentation

Download as PDF, PPTX
Enhancing Threat Detection with Big Data and AI Michael Armbrust & Burak Yavuz @michaelarmbrust Bay AreaCyber Security Meetup – April 2018
2 About Us Engineers on the StreamTeam @ Committers / PMC Members on Created: • Spark SQL – High-level, declarative queries on big data • Structured Streaming – Low latency, incremental processing • Databricks Delta - Massive Scale, Transactional Cloud Storage
3 Fast and General Cluster Computing Scala SQL EC2 Kubernetes Automatic Parallelism and Fault-tolerance GCP YARN
4 Apache Spark Philosophy Unified engine for complete data applications High-level user-friendly APIs SQLStreaming ML Graph …
5 Write Less Code: Compute an Average private IntWritable one = new IntWritable(1) private IntWritable output = new IntWritable() proctected void map( LongWritable key, Text value, Context context) { String[] fields = value.split("t") output.set(Integer.parseInt(fields[1])) context.write(one, output) } IntWritable one = new IntWritable(1) DoubleWritable average = new DoubleWritable() protected void reduce( IntWritable key, Iterable<IntWritable> values, Context context) { int sum = 0 int count = 0 for(IntWritable value : values) { sum += value.get() count++ } average.set(sum / (double) count) context.Write(key, average) } data = sc.textFile(...).split("t") data.map(lambda x: (x[0], [x.[1], 1])) .reduceByKey(lambda x, y: [x[0] + y[0], x[1] + y[1]]) .map(lambda x: [x[0], x[1][0] / x[1][1]]) .collect() 5
6 Write Less Code: Compute an Average Using RDDs data = sc.textFile(...).split("t") data.map(lambda x: (x[0], [x.[1], 1])) .reduceByKey(lambda x, y: [x[0] + y[0], x[1] + y[1]]) .map(lambda x: [x[0], x[1][0] / x[1][1]]) .collect() Using DataFrames sqlCtx.table("people") .groupBy("name") .agg("name", avg("age")) .collect() 6 Using SQL SELECT name, avg(age) FROM people GROUP BY name
7 Why should I care? As a business analyst, how does help me? data scientist APT HUNTER
8 Lets look at what has been happing in AI…
9 Big Data was the Missing Link for AI BIG DATA Customer Data Emails/Web pages Click Streams Sensor data (IoT) Video/Speech … GREAT RESULTS
10 Hardest part of AI isn’t AI “Hidden Technical Debt in Machine LearningSystems", Google NIPS2015 The hardest part of AI is Big Data ML Code
11 Does the same apply to Security?
12 • Only a few weeks of data • Very expensive to scale • Proprietary formats • No predictions (ML) Messy data not ready for analytics DATA LAKE Complex ETL EDW EDW EDW Incidence Response Alerting Reports SIEM Security Data @ Fortune 100 Company SecurityInfrastructure IDS/IPS, DLP, antivirus, load balancers, proxy servers Cloud Infrastructure& Apps AWS, Azure, Google Cloud, Audit Logs Servers Infrastructure Linux, Unix, Windows Network Infrastructure Routers, switches, WAPs, databases, LDAP Threat Intelligence Feeds TrillionsofRecords
13 DELTA DATA LAKE Reporting Streaming Analytics The LOW-LATENCY of streaming The RELIABILITY& PERFORMANCE of data warehouse The SCALE of data lake The Delta Architecture
14 An Example Hunt Raise your hand when you know what we are searching for… spark.read.table("dns") .where("len(query) > 50") .groupBy(window("ts", "5 minutes"), "src_ip") .count() .where("count > 20") Answer: DNS Exfiltration Attack
15 What about Future Threats? Tune for a specific SLAs using the same code: Batch high latency execute on-demand high throughput Micro-batch medium latency efficient resource allocation high throughput Continuous millisecond latency static resource allocation
16 What about Future Threats? Tune for a specific SLAs using the same code: Batch historical hunting Micro-batch human-in-the-loop alerts Continuous automatic remediation
17 DNS Exfiltration Search Rewritten as a streaming alert spark.readStream.table("dns") .where("len(query) > 50") .groupBy(window("ts", "5 minutes"), "src_ip") .count() .where("count > 20") .writeStream .foreach(new PagerDutySink)
18 Demo: Hunting in • Hosted Apache Spark in the Cloud • Integrated Collaboration • Monitoring / Alerting
19 15% Discount Code: BASMU

More Related Content

PDF
Databricks + Snowflake: Catalyzing Data and AI Initiatives
byDatabricks
 
PDF
Scaling Through Simplicity—How a 300 million User Chat App Reduced Data Engin...
bySpark Summit
 
PDF
Video Games at Scale: Improving the gaming experience with Apache Spark
bySpark Summit
 
PDF
Lightning-Fast Analytics for Workday Transactional Data with Pavel Hardak and...
byDatabricks
 
PPTX
Building Advanced Analytics Pipelines with Azure Databricks
byLace Lofranco
 
PDF
Scaling your Data Pipelines with Apache Spark on Kubernetes
byDatabricks
 
PDF
SQL Analytics Powering Telemetry Analysis at Comcast
byDatabricks
 
PDF
ETL Made Easy with Azure Data Factory and Azure Databricks
byDatabricks
 
Databricks + Snowflake: Catalyzing Data and AI Initiatives
byDatabricks
 
Scaling Through Simplicity—How a 300 million User Chat App Reduced Data Engin...
bySpark Summit
 
Video Games at Scale: Improving the gaming experience with Apache Spark
bySpark Summit
 
Lightning-Fast Analytics for Workday Transactional Data with Pavel Hardak and...
byDatabricks
 
Building Advanced Analytics Pipelines with Azure Databricks
byLace Lofranco
 
Scaling your Data Pipelines with Apache Spark on Kubernetes
byDatabricks
 
SQL Analytics Powering Telemetry Analysis at Comcast
byDatabricks
 
ETL Made Easy with Azure Data Factory and Azure Databricks
byDatabricks
 

What's hot

PDF
Scaling and Modernizing Data Platform with Databricks
byDatabricks
 
PDF
Continuous Applications at Scale of 100 Teams with Databricks Delta and Struc...
byDatabricks
 
PPTX
Insights Without Tradeoffs Using Structured Streaming keynote by Michael Armb...
bySpark Summit
 
PDF
Analytics at the Real-Time Speed of Business: Spark Summit East talk by Manis...
bySpark Summit
 
PDF
Parallelizing Large Simulations with Apache SparkR with Daniel Jeavons and Wa...
bySpark Summit
 
PDF
Simplify and Scale Data Engineering Pipelines with Delta Lake
byDatabricks
 
PDF
Big Telco - Yousun Jeong
bySpark Summit
 
PPTX
Big Data Processing with .NET and Spark (SQLBits 2020)
byMichael Rys
 
PDF
Apache® Spark™ MLlib: From Quick Start to Scikit-Learn
byDatabricks
 
PDF
Real-Time Machine Learning with Redis, Apache Spark, Tensor Flow, and more wi...
byDatabricks
 
PDF
New Developments in the Open Source Ecosystem: Apache Spark 3.0, Delta Lake, ...
byDatabricks
 
PDF
Cloud Experience: Data-driven Applications Made Simple and Fast
byDatabricks
 
PDF
Smack Stack and Beyond—Building Fast Data Pipelines with Jorg Schad
bySpark Summit
 
PDF
Spark SQL Adaptive Execution Unleashes The Power of Cluster in Large Scale wi...
byDatabricks
 
PDF
Is there a way that we can build our Azure Synapse Pipelines all with paramet...
byErwin de Kreuk
 
PDF
Hyperspace for Delta Lake
byDatabricks
 
PPTX
OracleStore: A Highly Performant RawStore Implementation for Hive Metastore
byDataWorks Summit
 
PDF
Intro to databricks delta lake
byMykola Zerniuk
 
PPTX
Spark Streaming with Azure Databricks
byDustin Vannoy
 
PDF
Redash: Open Source SQL Analytics on Data Lakes
byDatabricks
 
Scaling and Modernizing Data Platform with Databricks
byDatabricks
 
Continuous Applications at Scale of 100 Teams with Databricks Delta and Struc...
byDatabricks
 
Insights Without Tradeoffs Using Structured Streaming keynote by Michael Armb...
bySpark Summit
 
Analytics at the Real-Time Speed of Business: Spark Summit East talk by Manis...
bySpark Summit
 
Parallelizing Large Simulations with Apache SparkR with Daniel Jeavons and Wa...
bySpark Summit
 
Simplify and Scale Data Engineering Pipelines with Delta Lake
byDatabricks
 
Big Telco - Yousun Jeong
bySpark Summit
 
Big Data Processing with .NET and Spark (SQLBits 2020)
byMichael Rys
 
Apache® Spark™ MLlib: From Quick Start to Scikit-Learn
byDatabricks
 
Real-Time Machine Learning with Redis, Apache Spark, Tensor Flow, and more wi...
byDatabricks
 
New Developments in the Open Source Ecosystem: Apache Spark 3.0, Delta Lake, ...
byDatabricks
 
Cloud Experience: Data-driven Applications Made Simple and Fast
byDatabricks
 
Smack Stack and Beyond—Building Fast Data Pipelines with Jorg Schad
bySpark Summit
 
Spark SQL Adaptive Execution Unleashes The Power of Cluster in Large Scale wi...
byDatabricks
 
Is there a way that we can build our Azure Synapse Pipelines all with paramet...
byErwin de Kreuk
 
Hyperspace for Delta Lake
byDatabricks
 
OracleStore: A Highly Performant RawStore Implementation for Hive Metastore
byDataWorks Summit
 
Intro to databricks delta lake
byMykola Zerniuk
 
Spark Streaming with Azure Databricks
byDustin Vannoy
 
Redash: Open Source SQL Analytics on Data Lakes
byDatabricks
 

Similar to Enancing Threat Detection with Big Data and AI

PDF
Accelerating Cyber Threat Detection With GPU
byJoshua Patterson
 
PDF
SE2016 BigData Vitalii Bondarenko "HD insight spark. Advanced in-memory Big D...
byInhacking
 
PDF
Vitalii Bondarenko HDinsight: spark. advanced in memory big-data analytics wi...
byАліна Шепшелей
 
PDF
2015 01-17 Lambda Architecture with Apache Spark, NextML Conference
byDB Tsai
 
PDF
Using Data Science for Cybersecurity
byVMware Tanzu
 
PPTX
BsidesLVPresso2016_JZeditsv6
byRod Soto
 
PPTX
Delivering Security Insights with Data Analytics and Visualization
byRaffael Marty
 
PPTX
Predictive Analysis of Financial Fraud Detection using Azure and Spark ML
byJongwook Woo
 
PDF
Spark forplainoldjavageeks svforum_20140724
bysdeeg
 
PDF
A look ahead at spark 2.0
byDatabricks
 
PDF
Bds session 13 14
byInfinity Tech Solutions
 
PDF
ING CoreIntel - collect and process network logs across data centers in near ...
byEvention
 
PPTX
Real callenges in big data security
bybalasahebcomp
 
PPTX
Core intel
byKrzysztof Adamski
 
PPTX
Security issues in big data
byShallote Dsouza
 
PDF
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
byKeith Kraus
 
PDF
Jump Start into Apache® Spark™ and Databricks
byDatabricks
 
PDF
Big Data and Predictive Analysis
byJongwook Woo
 
PPTX
Shaping a Digital Vision
byDataWorks Summit/Hadoop Summit
 
PDF
Big Data Analytics and Ubiquitous computing
byAnimesh Chaturvedi
 
Accelerating Cyber Threat Detection With GPU
byJoshua Patterson
 
SE2016 BigData Vitalii Bondarenko "HD insight spark. Advanced in-memory Big D...
byInhacking
 
Vitalii Bondarenko HDinsight: spark. advanced in memory big-data analytics wi...
byАліна Шепшелей
 
2015 01-17 Lambda Architecture with Apache Spark, NextML Conference
byDB Tsai
 
Using Data Science for Cybersecurity
byVMware Tanzu
 
BsidesLVPresso2016_JZeditsv6
byRod Soto
 
Delivering Security Insights with Data Analytics and Visualization
byRaffael Marty
 
Predictive Analysis of Financial Fraud Detection using Azure and Spark ML
byJongwook Woo
 
Spark forplainoldjavageeks svforum_20140724
bysdeeg
 
A look ahead at spark 2.0
byDatabricks
 
Bds session 13 14
byInfinity Tech Solutions
 
ING CoreIntel - collect and process network logs across data centers in near ...
byEvention
 
Real callenges in big data security
bybalasahebcomp
 
Core intel
byKrzysztof Adamski
 
Security issues in big data
byShallote Dsouza
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
byKeith Kraus
 
Jump Start into Apache® Spark™ and Databricks
byDatabricks
 
Big Data and Predictive Analysis
byJongwook Woo
 
Shaping a Digital Vision
byDataWorks Summit/Hadoop Summit
 
Big Data Analytics and Ubiquitous computing
byAnimesh Chaturvedi
 

More from Databricks

PPTX
DW Migration Webinar-March 2022.pptx
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 1 | Part 1
byDatabricks
 
PPT
Data Lakehouse Symposium | Day 1 | Part 2
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 2
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 4
byDatabricks
 
PDF
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
byDatabricks
 
PDF
Democratizing Data Quality Through a Centralized Platform
byDatabricks
 
PDF
Learn to Use Databricks for Data Science
byDatabricks
 
PDF
Why APM Is Not the Same As ML Monitoring
byDatabricks
 
PDF
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
byDatabricks
 
PDF
Stage Level Scheduling Improving Big Data and AI Integration
byDatabricks
 
PDF
Simplify Data Conversion from Spark to TensorFlow and PyTorch
byDatabricks
 
PDF
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
byDatabricks
 
PDF
Sawtooth Windows for Feature Aggregations
byDatabricks
 
PDF
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
byDatabricks
 
PDF
Re-imagine Data Monitoring with whylogs and Spark
byDatabricks
 
PDF
Raven: End-to-end Optimization of ML Prediction Queries
byDatabricks
 
PDF
Processing Large Datasets for ADAS Applications using Apache Spark
byDatabricks
 
PDF
Massive Data Processing in Adobe Using Delta Lake
byDatabricks
 
PDF
Machine Learning CI/CD for Email Attack Detection
byDatabricks
 
DW Migration Webinar-March 2022.pptx
byDatabricks
 
Data Lakehouse Symposium | Day 1 | Part 1
byDatabricks
 
Data Lakehouse Symposium | Day 1 | Part 2
byDatabricks
 
Data Lakehouse Symposium | Day 2
byDatabricks
 
Data Lakehouse Symposium | Day 4
byDatabricks
 
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
byDatabricks
 
Democratizing Data Quality Through a Centralized Platform
byDatabricks
 
Learn to Use Databricks for Data Science
byDatabricks
 
Why APM Is Not the Same As ML Monitoring
byDatabricks
 
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
byDatabricks
 
Stage Level Scheduling Improving Big Data and AI Integration
byDatabricks
 
Simplify Data Conversion from Spark to TensorFlow and PyTorch
byDatabricks
 
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
byDatabricks
 
Sawtooth Windows for Feature Aggregations
byDatabricks
 
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
byDatabricks
 
Re-imagine Data Monitoring with whylogs and Spark
byDatabricks
 
Raven: End-to-end Optimization of ML Prediction Queries
byDatabricks
 
Processing Large Datasets for ADAS Applications using Apache Spark
byDatabricks
 
Massive Data Processing in Adobe Using Delta Lake
byDatabricks
 
Machine Learning CI/CD for Email Attack Detection
byDatabricks
 

Recently uploaded

PPTX
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PDF
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
PDF
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
byBuhake Sindi
 
PDF
Internship Project Training Report-3.pdf
byPawank36
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PDF
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PDF
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
Custom MGA Software Development: Better Apporach
byOpenkoda
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PDF
Data Integration with Salesforce Bootcamp
byDele Amefo
 
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
PDF
DSD-INT 2025 Understanding the Paraguay River Response to Hard Bottom Dredgin...
byDeltares
 
PDF
DevOps Monitoring Tools: The 2025 Guide to Performance & Observability
byalexendrascott01
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PPTX
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
PDF
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
PPTX
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
byBuhake Sindi
 
Internship Project Training Report-3.pdf
byPawank36
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
Custom MGA Software Development: Better Apporach
byOpenkoda
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
Data Integration with Salesforce Bootcamp
byDele Amefo
 
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
DSD-INT 2025 Understanding the Paraguay River Response to Hard Bottom Dredgin...
byDeltares
 
DevOps Monitoring Tools: The 2025 Guide to Performance & Observability
byalexendrascott01
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 

Enancing Threat Detection with Big Data and AI

  • 1.
    Enhancing Threat Detection withBig Data and AI Michael Armbrust & Burak Yavuz @michaelarmbrust Bay AreaCyber Security Meetup – April 2018
  • 2.
    2 About Us Engineers onthe StreamTeam @ Committers / PMC Members on Created: • Spark SQL – High-level, declarative queries on big data • Structured Streaming – Low latency, incremental processing • Databricks Delta - Massive Scale, Transactional Cloud Storage
  • 3.
    3 Fast and GeneralCluster Computing Scala SQL EC2 Kubernetes Automatic Parallelism and Fault-tolerance GCP YARN
  • 4.
    4 Apache Spark Philosophy Unifiedengine for complete data applications High-level user-friendly APIs SQLStreaming ML Graph …
  • 5.
    5 Write Less Code:Compute an Average private IntWritable one = new IntWritable(1) private IntWritable output = new IntWritable() proctected void map( LongWritable key, Text value, Context context) { String[] fields = value.split("t") output.set(Integer.parseInt(fields[1])) context.write(one, output) } IntWritable one = new IntWritable(1) DoubleWritable average = new DoubleWritable() protected void reduce( IntWritable key, Iterable<IntWritable> values, Context context) { int sum = 0 int count = 0 for(IntWritable value : values) { sum += value.get() count++ } average.set(sum / (double) count) context.Write(key, average) } data = sc.textFile(...).split("t") data.map(lambda x: (x[0], [x.[1], 1])) .reduceByKey(lambda x, y: [x[0] + y[0], x[1] + y[1]]) .map(lambda x: [x[0], x[1][0] / x[1][1]]) .collect() 5
  • 6.
    6 Write Less Code:Compute an Average Using RDDs data = sc.textFile(...).split("t") data.map(lambda x: (x[0], [x.[1], 1])) .reduceByKey(lambda x, y: [x[0] + y[0], x[1] + y[1]]) .map(lambda x: [x[0], x[1][0] / x[1][1]]) .collect() Using DataFrames sqlCtx.table("people") .groupBy("name") .agg("name", avg("age")) .collect() 6 Using SQL SELECT name, avg(age) FROM people GROUP BY name
  • 7.
    7 Why should Icare? As a business analyst, how does help me? data scientist APT HUNTER
  • 8.
    8 Lets look atwhat has been happing in AI…
  • 9.
    9 Big Data wasthe Missing Link for AI BIG DATA Customer Data Emails/Web pages Click Streams Sensor data (IoT) Video/Speech … GREAT RESULTS
  • 10.
    10 Hardest part ofAI isn’t AI “Hidden Technical Debt in Machine LearningSystems", Google NIPS2015 The hardest part of AI is Big Data ML Code
  • 11.
    11 Does the sameapply to Security?
  • 12.
    12 • Only afew weeks of data • Very expensive to scale • Proprietary formats • No predictions (ML) Messy data not ready for analytics DATA LAKE Complex ETL EDW EDW EDW Incidence Response Alerting Reports SIEM Security Data @ Fortune 100 Company SecurityInfrastructure IDS/IPS, DLP, antivirus, load balancers, proxy servers Cloud Infrastructure& Apps AWS, Azure, Google Cloud, Audit Logs Servers Infrastructure Linux, Unix, Windows Network Infrastructure Routers, switches, WAPs, databases, LDAP Threat Intelligence Feeds TrillionsofRecords
  • 13.
  • 14.
    14 An Example Hunt Raiseyour hand when you know what we are searching for… spark.read.table("dns") .where("len(query) > 50") .groupBy(window("ts", "5 minutes"), "src_ip") .count() .where("count > 20") Answer: DNS Exfiltration Attack
  • 15.
    15 What about FutureThreats? Tune for a specific SLAs using the same code: Batch high latency execute on-demand high throughput Micro-batch medium latency efficient resource allocation high throughput Continuous millisecond latency static resource allocation
  • 16.
    16 What about FutureThreats? Tune for a specific SLAs using the same code: Batch historical hunting Micro-batch human-in-the-loop alerts Continuous automatic remediation
  • 17.
    17 DNS Exfiltration Search Rewrittenas a streaming alert spark.readStream.table("dns") .where("len(query) > 50") .groupBy(window("ts", "5 minutes"), "src_ip") .count() .where("count > 20") .writeStream .foreach(new PagerDutySink)
  • 18.
    18 Demo: Hunting in •Hosted Apache Spark in the Cloud • Integrated Collaboration • Monitoring / Alerting
  • 19.