One of the most challenging problems in analyzing security data is that it comes in many formats, sizes and locations. Apache Drill is an open source tool that lets you query many different types of data using standard ANSI SQL. Out of the box, Drill can query many kinds of security-related data, including PCAP, PCAP-NG, Syslog, HTTPD/NGINX logs, JSON, CSV and many others. Drill can also directly query many source systems, such as JDBC databases, MongoDB, Kafka and more. Additionally, custom plugins exist to query other data sources such as Excel, blockchain, HDF5 and more.
In this 60-minute workshop, Mr. Givre will walk you through how to use Drill to analyze complex security data. You will learn how to connect Drill to another open source project, Apache Superset, to rapidly build interactive dashboards and visualize the data. Finally, we will discuss how to customize Drill by writing your own user-defined plugins and format plugins.