Client: A leader in NDR (Network Detection and Response)
Service Portfolio: Product Advancement
Impact
New parser development and production roll-out time reduced from 4 weeks to 1 week
Number of new parsers rolled out increased to 125 in the year after the new parser framework was rolled out, compared to 45 parsers rolled out before
Challenges
Limited knowledge of the existing parser framework: the member who had developed the legacy parser framework had left the organization
Poor documentation
Limited features, restricting usage to a couple of use cases
Extra effort needed to write custom parsers that can process the data coming out of the framework to make it useful
Dependency on a human to perform certain tasks manually, as well as manual intervention required during failures
Lengthy cycle time for new connector releases and high operational cost
Limited knowledge within the support team in relation to these field-driven changes
Sacumen Solution
Developed an enterprise-scale, multi-tenant parser framework.
The framework collects all the regex patterns from the parser definition file, compares them with the incoming raw logs, sanitizes the logs, aggregates the sanitized logs, parses them, and pushes the parsed logs to the Kafka topic.
Maintains its own queuing mechanism, developed according to the AMQP 0-9-1 specification.
A pipeline architecture helps the framework process data efficiently.
The framework is deployed in a container, is scalable, can work in a cluster, and can easily be included in a CI/CD pipeline.
The clusters communicate with each other efficiently via a common communication medium, which can be any storage service such as a SQL/NoSQL database, Redis queues, etc.
Full Ownership for Upgrades, Patches, and Releases
Technologies: Python, Kafka
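To make the collect, sanitize, aggregate, parse and push stages described above concrete, here is an added Python sketch of such a pipeline. It is illustrative code written for this page, not Sacumen's framework: the parser definition, sample log lines and the `sink` callable standing in for a Kafka producer are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed parser definition, standing in for the framework's definition file:
# each log source has one or more regexes whose named groups become fields.
PARSER_DEFINITION = {
    "firewall": [r"^(?P<ts>\S+) FW (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$"],
    "auth": [r"^(?P<ts>\S+) AUTH (?P<result>OK|FAIL) user=(?P<user>\w+) ip=(?P<src>[\d.]+)$"],
}
# Constructed raw input: line 3 carries NUL and BEL bytes, line 4 matches no parser.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z FW DENY src=10.0.0.5 dst=192.0.2.10",
    "2024-05-01T10:00:01Z AUTH FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:02Z FW ALLOW\x00\x07 src=10.0.0.7 dst=192.0.2.11",
    "garbage line with no known shape",
]
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def sanitize(line: str, max_len: int = 1024) -> str:
    """Drop control bytes (terminal escapes, embedded newlines used for log
    injection) and cap the length so one hostile line cannot stall consumers."""
    return CONTROL_CHARS.sub("", line.strip())[:max_len]

def compile_parsers(definition):
    """Collect and compile every regex from the definition once, up front."""
    return {name: [re.compile(p) for p in pats] for name, pats in definition.items()}

def run_pipeline(raw_lines, parsers, sink):
    """Sanitize -> match -> aggregate per source -> push parsed records.
    `sink(topic, record)` is an assumed stand-in for the Kafka producer;
    lines matching no parser are counted, never silently dropped."""
    aggregated, unparsed = defaultdict(list), 0
    for raw in raw_lines:
        line = sanitize(raw)
        for name, patterns in parsers.items():
            m = next((mm for mm in (p.match(line) for p in patterns) if mm), None)
            if m:
                aggregated[name].append(m.groupdict())
                break
        else:  # no parser claimed the line
            unparsed += 1
    for name, records in aggregated.items():
        for record in records:
            sink(f"parsed.{name}", record)  # one topic per log source
    return {"parsed": {k: len(v) for k, v in aggregated.items()}, "unparsed": unparsed}

if __name__ == "__main__":
    print(run_pipeline(SAMPLE_LOGS, compile_parsers(PARSER_DEFINITION), lambda t, r: print(t, r)))
```

The returned summary is what an operator would watch: a rising `unparsed` count is the signal that a new log shape needs a parser definition rather than a manual fix.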