Unified views

  • Create analytic models with richer context of user and entity behaviors across a disparate set of data sources with unified views
  • Define relationships between the various security data types for joining log data with user, network, and endpoint entity data in both relational and graph models
  • Reduce attacker dwell time by discovering and assessing adversarial behavior faster and with fewer resources

Downstream analytics

  • Open data model enables downstream analytics for sharing and reuse of threat detection models, algorithms, and analytics
  • Collect and analyze the standard security event logs and alerts from the most common entities such as network, user, and endpoint, as well as the relevant contextual data

Operationalized data lake

  • Turn your Snowflake data cloud into a security data lake by applying our open data model
  • Use cases enabled by the creation of logical domain groups from event data
  • Support to deliver dashboards, ML-based analytics, and interactive query capabilities

Bring all your data together

Our open data model brings together all security-related telemetry into a unified taxonomy that can detect and understand threats more effectively than before, leading to shorter dwell times. Create analytics models with rich context of user and entity behaviors.

Democratize your data

Our open data model enables downstream analytics for sharing and reuse of threat detection models, algorithms, and analytics. With our high-level abstraction, no specialized data science skills are required to access data productively.

Graph view

Gain additional insights into user activity. With graph view, an analyst can see the complete flow of all entities connected to this user and understand the severity of the “finding” as well as entities impacted through it.

Single data store

Storing all your telemetry in a single data store gives you instant access to the data across all sources. Do full-text search, use our analytics applications, build your own, or integrate third-party solutions.

Context

Establish context across all your telemetry and enrichment data for a deeper understanding of security threats.

Add new sources

New data sources can be added with no impact on downstream applications. New data will be added to the data model and mapped to existing taxonomy, eliminating overhead associated with adding new data sources on legacy solutions.
