Show HN: Venator – Open-source threat detection

(github.com)

91 points | by 0x4d31 12 days ago

3 comments

  • redman25 11 days ago
    Seems to me like the value of a threat detection platform would be the detections themselves. With just the platform, and no detections, you have a foundation but the bulk of the work hasn't been started yet. If you're large enough to need a threat detection platform, you're probably large enough to be able to afford a product that has security engineers behind it constantly pumping out new detections for novel vulnerabilities.
    • NitpickLawyer 11 days ago
      Two areas where this could help, at a first glance - 1. speeding up new pipelines / connectors / onboarding for new tools and 2. SNR for alerts based on integration with LLMs. There is a lot of low-hanging fruit in having an "agentic" system look over alerts that traditionally were just muted based on heuristic thresholds, just in case something important slips through. Being MIT of course helps with both.
  • eat_your_potato 11 days ago
    Finding a good "alert manager" compatible with many databases is not easy. At work we're using https://github.com/jertel/elastalert2 with custom rules, but it's only targeting Elastic/OpenSearch.
  • 0x4d31 4 days ago