
Databricks / Antimatter Security Lakehouse

The Databricks / Antimatter Security Lakehouse (DASL) integrates with Databricks to make working with cybersecurity data easier. It is a rapidly evolving product designed to let SIEM workloads run in Databricks, with better performance, more flexibility and lower cost than traditional SIEM tools.

DASL offers features for the following use cases:

Data Ingest:

  • Loading data into Bronze tables
  • Extracting and parsing that data into Silver tables that can be used for model training, incident response and threat hunting
  • Normalizing that data into Open Cybersecurity Schema Framework (OCSF)-formatted Gold tables
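As an added illustration of the three ingest stages above (this is example code written for this page, not DASL's own pipeline or data source definitions), here is the Bronze/Silver/Gold flow in plain Python over a few constructed sshd syslog lines: Bronze keeps the raw record untouched and adds ingest metadata, Silver parses it into typed columns and routes anything it cannot parse to a dead-letter list instead of dropping it, and Gold normalizes each row to the OCSF Authentication class (class_uid 3002). The syslog format, the assumed year, the column names and the dead-letter handling are assumptions for the example; in DASL these stages run as Databricks jobs over Delta tables.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: syslog lines from sshd. The format is assumed for
# illustration and is not a DASL data source definition.
RAW_LINES = [
    "Mar 10 12:00:01 bastion sshd[4242]: Failed password for alice from 203.0.113.7 port 51234 ssh2",
    "Mar 10 12:00:05 bastion sshd[4242]: Accepted password for alice from 203.0.113.7 port 51240 ssh2",
    "Mar 10 12:00:09 bastion sshd[4243]: Invalid user admin from 198.51.100.9 port 40000",
]

SYSLOG_YEAR = 2024  # syslog timestamps carry no year; assumed here for the sample

# Silver parser for the two sshd messages this example normalizes.
SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<hms>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def to_bronze(lines, source="sshd_syslog"):
    """Bronze: keep the raw record byte-for-byte and add ingest metadata only."""
    return [{"source": source, "ingest_seq": i, "raw": line} for i, line in enumerate(lines)]


def to_silver(bronze):
    """Silver: parse into typed columns. Lines the parser does not understand go to a
    dead-letter list rather than being dropped silently, so they can be counted and alerted on."""
    rows, dead_letter = [], []
    for rec in bronze:
        m = SSHD_RE.match(rec["raw"])
        if not m:
            dead_letter.append(rec)
            continue
        ts = datetime.strptime(
            f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['hms']}", "%Y %b %d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        rows.append({
            "event_time": ts,
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "src_ip": m["ip"],
            "src_port": int(m["port"]),
            "source": rec["source"],
        })
    return rows, dead_letter


def to_gold_ocsf(silver):
    """Gold: normalize to the OCSF Authentication class (category_uid 3, class_uid 3002).
    activity_id 1 = Logon; status_id 1 = Success, 2 = Failure;
    type_uid = class_uid * 100 + activity_id."""
    events = []
    for r in silver:
        events.append({
            "category_uid": 3,
            "class_uid": 3002,
            "activity_id": 1,
            "type_uid": 300201,
            "status_id": 1 if r["outcome"] == "Accepted" else 2,
            "time": int(r["event_time"].timestamp() * 1000),  # OCSF time is epoch milliseconds
            "user": {"name": r["user"]},                        # the subject being authenticated
            "src_endpoint": {"ip": r["src_ip"], "port": r["src_port"]},
            "dst_endpoint": {"hostname": r["host"]},
            "metadata": {"product": {"name": "sshd"}, "log_name": r["source"]},
        })
    return events


def run_pipeline(lines):
    """Run all three stages and return (gold_events, dead_letter_records)."""
    silver, dead_letter = to_silver(to_bronze(lines))
    return to_gold_ocsf(silver), dead_letter


if __name__ == "__main__":
    gold, rejected = run_pipeline(RAW_LINES)
    for ev in gold:
        print(ev["user"]["name"], ev["src_endpoint"]["ip"], "status_id", ev["status_id"])
    print(f"{len(rejected)} record(s) routed to dead letter")
```

The dead-letter list is the bridge to health monitoring: a rising count of rejected records for a source is the signal that a log format changed or a parser regressed, which is exactly the kind of condition a data expectation should catch rather than a silent drop in Gold row counts.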

Detections:

  • Easy management of large numbers of SQL or PySpark detections
  • Compute optimizations for those detections (e.g. grouping detections that consume similar data)
  • Built-in support for both the MITRE ATT&CK framework and custom categorization of detections
  • Tracking and indexing of Observables
  • Aggregation of risk for Observables
  • Export of Notables to third party case management systems
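The detection features above, as an added example written for this page in plain Python rather than DASL's own detection API or PySpark: two detections are declared with metadata (the Gold tables they read, an ATT&CK technique ID, a custom category and a risk weight), detections that consume the same tables are grouped so the shared input is scanned once, observables (source IP and user) are extracted from every finding and indexed, their risk is summed across detections, and observables crossing a threshold become notables in a generic JSON-ready payload. The OCSF sample rows, the baseline IP set, the detection logic, the risk weights and the notable payload shape are all assumptions for the example; the technique IDs are MITRE ATT&CK T1110 (Brute Force) and T1078 (Valid Accounts).

```python
import json
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable

# Constructed sample of OCSF Authentication (class_uid 3002) rows as they would sit in a
# Gold table. Times are epoch milliseconds; status_id 1 = Success, 2 = Failure.
GOLD_AUTH = [
    {"time": 1710072000000 + i * 20_000, "status_id": 2,
     "user": {"name": "alice"}, "src_endpoint": {"ip": "203.0.113.7"}}
    for i in range(4)
] + [
    {"time": 1710072090000, "status_id": 1,
     "user": {"name": "alice"}, "src_endpoint": {"ip": "203.0.113.7"}},
    {"time": 1710072100000, "status_id": 1,
     "user": {"name": "bob"}, "src_endpoint": {"ip": "198.51.100.9"}},
]

# Assumed baseline of source IPs that have authenticated successfully before.
KNOWN_SRC_IPS = {"198.51.100.9"}


@dataclass(frozen=True)
class Detection:
    name: str
    inputs: frozenset             # Gold tables the detection reads
    technique: str                # MITRE ATT&CK technique ID
    category: str                 # custom categorization alongside ATT&CK
    risk: int                     # risk contributed to each observable in a finding
    run: Callable[[list], list]   # rows -> findings


def brute_force_then_success(rows, window_ms=300_000, min_failures=3):
    """>= min_failures failed logons from one source IP inside window_ms, then a success."""
    by_ip = defaultdict(list)
    for r in sorted(rows, key=lambda r: r["time"]):
        by_ip[r["src_endpoint"]["ip"]].append(r)
    findings = []
    for ip, events in by_ip.items():
        failures = []
        for e in events:
            if e["status_id"] == 2:
                failures.append(e["time"])
                continue
            recent = [t for t in failures if e["time"] - t <= window_ms]
            if e["status_id"] == 1 and len(recent) >= min_failures:
                findings.append({"ip": ip, "user": e["user"]["name"],
                                 "time": e["time"], "failures": len(recent)})
            failures = []  # a non-failure closes the window
    return findings


def logon_from_new_source(rows, known=KNOWN_SRC_IPS):
    """Successful logon from a source IP not in the baseline."""
    return [{"ip": r["src_endpoint"]["ip"], "user": r["user"]["name"], "time": r["time"]}
            for r in rows if r["status_id"] == 1 and r["src_endpoint"]["ip"] not in known]


DETECTIONS = [
    Detection("ssh_brute_force_then_success", frozenset({"gold.authentication"}),
              "T1110", "credential_abuse", 60, brute_force_then_success),
    Detection("ssh_logon_from_new_source", frozenset({"gold.authentication"}),
              "T1078", "anomalous_access", 30, logon_from_new_source),
]


def run_detections(detections, tables):
    """Group detections by the tables they read so each group's input is scanned once.
    Returns (findings, scan_count); every finding carries its detection's metadata."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.inputs].append(d)
    findings, scans = [], 0
    for inputs, group in groups.items():
        rows = [row for t in inputs for row in tables[t]]  # one scan for the whole group
        scans += 1
        for d in group:
            for f in d.run(rows):
                findings.append({**f, "detection": d.name, "technique": d.technique,
                                 "category": d.category, "risk": d.risk})
    return findings, scans


def aggregate_risk(findings):
    """Index observables (ip, user) across findings and sum the risk each accumulated."""
    risk, sources = defaultdict(int), defaultdict(set)
    for f in findings:
        for obs in (("ip", f["ip"]), ("user", f["user"])):
            risk[obs] += f["risk"]
            sources[obs].add(f["detection"])
    return {obs: {"risk": r, "detections": sorted(sources[obs])} for obs, r in risk.items()}


def notables(risk_index, threshold=80):
    """Observables whose aggregated risk reaches the threshold become notables. The dicts
    are a generic JSON-ready payload, not any particular case-management system's schema."""
    return [{"observable_type": t, "observable_value": v, **info}
            for (t, v), info in sorted(risk_index.items()) if info["risk"] >= threshold]


if __name__ == "__main__":
    found, scans = run_detections(DETECTIONS, {"gold.authentication": GOLD_AUTH})
    print(f"{len(found)} findings from {scans} table scan(s)")
    print(json.dumps(notables(aggregate_risk(found)), indent=2))
```

Neither detection alone crosses the notable threshold with the weights chosen here; it is the aggregation across two independent detections on the same source IP and user that promotes them, which is the point of scoring observables rather than paging on every individual match.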

Health Monitoring:

  • Defining data expectations that are evaluated on incoming data
  • Capturing metrics around data processing
  • Producing "Operational Alerts" when data expectations are not met or when there are syntax and configuration errors in data sources or detections
  • Export of Operational Alerts to third party ticket management systems
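An added example of the health-monitoring loop above, written for this page in plain Python (it is not DASL's expectation syntax or its alerting API): metrics are captured for one ingest run of one source, a set of data expectations is evaluated against those metrics, each unmet expectation produces an operational alert, and a deliberately misconfigured expectation shows that an error inside a check is itself reported as an operational alert rather than failing the whole health check. The batch contents, the metric names, the thresholds and the ticket payload shape are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed batch: the Silver rows produced by one ingest run of one data source plus the
# run's own counters. In a real pipeline these come from the Silver table and job metrics.
BATCH = {
    "source": "sshd_syslog",
    "rows": [
        {"event_time": 1710072001000, "user": "alice", "src_ip": "203.0.113.7"},
        {"event_time": 1710072005000, "user": "alice", "src_ip": "203.0.113.7"},
        {"event_time": 1710072009000, "user": None, "src_ip": "198.51.100.9"},
    ],
    "dead_letter_count": 1,            # records the Silver parser could not parse
    "batch_end_time": 1710072600000,   # wall clock when the run finished (epoch ms)
    "baseline_rows_per_batch": 4,      # typical volume for this source (assumed)
}

SEVERITY_RANK = {"warning": 1, "error": 2}


@dataclass(frozen=True)
class Expectation:
    name: str
    severity: str
    check: Callable[[dict], bool]   # metrics -> True when the expectation is met


def collect_metrics(batch):
    """Metrics captured for every run; expectations are evaluated against these."""
    rows, rejected = batch["rows"], batch["dead_letter_count"]
    total = len(rows) + rejected
    newest = max((r["event_time"] for r in rows), default=None)
    return {
        "rows_parsed": len(rows),
        "rows_rejected": rejected,
        "parse_failure_rate": rejected / total if total else 0.0,
        "null_user_rows": sum(1 for r in rows if r["user"] is None),
        "lag_ms": None if newest is None else batch["batch_end_time"] - newest,
        "volume_ratio": len(rows) / batch["baseline_rows_per_batch"],
    }


EXPECTATIONS = [
    Expectation("parse_failure_rate_under_5pct", "warning", lambda m: m["parse_failure_rate"] <= 0.05),
    Expectation("user_not_null", "error", lambda m: m["null_user_rows"] == 0),
    Expectation("data_fresh_within_15m", "error",
                lambda m: m["lag_ms"] is not None and m["lag_ms"] <= 15 * 60 * 1000),
    Expectation("volume_at_least_half_of_baseline", "warning", lambda m: m["volume_ratio"] >= 0.5),
]

# A misconfigured expectation (it refers to a metric that does not exist). It must surface
# as an operational alert instead of taking the whole health check down.
BROKEN_EXPECTATION = Expectation("misconfigured_check", "warning", lambda m: m["no_such_metric"] == 0)


def evaluate(batch, expectations):
    """Return (metrics, operational_alerts) for one batch of one source."""
    metrics = collect_metrics(batch)
    alerts = []
    for e in expectations:
        try:
            met = bool(e.check(metrics))
        except Exception as exc:  # a check that cannot run is a configuration error
            alerts.append({"source": batch["source"], "expectation": e.name, "severity": "error",
                           "reason": f"expectation failed to evaluate: {exc!r}"})
            continue
        if not met:
            alerts.append({"source": batch["source"], "expectation": e.name,
                           "severity": e.severity, "reason": "expectation not met"})
    return metrics, alerts


def to_ticket(alerts, metrics):
    """Fold one run's alerts into a single ticket payload for a third-party ticket system.
    The shape is a generic illustration, not any particular system's API."""
    if not alerts:
        return None
    worst = max(alerts, key=lambda a: SEVERITY_RANK[a["severity"]])["severity"]
    return {
        "title": f"[{worst}] {alerts[0]['source']}: {len(alerts)} data expectation(s) failing",
        "severity": worst,
        "failing": [a["expectation"] for a in alerts],
        "metrics": metrics,
    }


if __name__ == "__main__":
    m, a = evaluate(BATCH, EXPECTATIONS + [BROKEN_EXPECTATION])
    for alert in a:
        print(alert["severity"], alert["expectation"], alert["reason"])
    print(to_ticket(a, m))
```

Folding all of a run's alerts into one ticket per source keeps a single broken log format from opening one ticket per expectation per run; the individual alerts are still kept on the payload so the ticket shows which expectations failed.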

Private Preview

DASL is currently in Private Preview. During this phase, we are working with a select number of customers as design partners. For those customers in the Private Preview, we are working closely to ensure the product meets their requirements, and we are rapidly building data source integrations and features in response to feedback. During Private Preview, there is no additional charge for DASL above the standard cost of compute and no professional services charges for requested data source integrations or features.

If you are not already part of the Private Preview and are interested in trying DASL for your use cases, please reach out to support@antimatter.io.