Summary Servers and services that have any exposure to the public internet are under a constant barrage of attacks. Network security engineers are tasked with discovering and addressing any potential breaches to their systems, which is a never-ending task as attackers continually evolve their tactics. In order to gain better visibility into complex exploits Colin O’Brien built the Grapl platform, using graph database technology to more easily discover relationships between activities within and across servers. In this episode he shares his motivations for creating a new system to discover potential security breaches, how its design simplifies the work of identifying complex attacks without relying on brittle rules, and how you can start using it to monitor your own systems today. Announcements Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great. When you’re ready to launch your next app or want to try a project you hear about on the show, you’ll need somewhere to deploy it, so take a look at our friends over at Linode. With the launch of their managed Kubernetes platform it’s easy to get started with the next generation of deployment and scaling, powered by the battle tested Linode platform, including simple pricing, node balancers, 40Gbit networking, dedicated CPU and GPU instances, and worldwide data centers. Go to pythonpodcast.com/linode and get a $60 credit to try out a Kubernetes cluster of your own. And don’t forget to thank them for their continued support of this show! This portion of Python Podcast is brought to you by Datadog. Do you have an app in production that is slower than you like? Is its performance all over the place (sometimes fast, sometimes slow)? Do you know why? With Datadog, you will. You can troubleshoot your app’s performance with Datadog’s end-to-end tracing and in one click correlate those Python traces with related logs and metrics. Use their detailed flame graphs to identify bottlenecks and latency in that app of yours. Start tracking the performance of your apps with a free trial at pythonpodcast.com/datadog. If you sign up for a trial and install the agent, Datadog will send you a free t-shirt. You listen to this show to learn and stay up to date with the ways that Python is being used, including the latest in machine learning and data analysis. For more opportunities to stay up to date, gain new skills, and learn from your peers there are a growing number of virtual events that you can attend from the comfort and safety of your home. Go to pythonpodcast.com/conferences to check out the upcoming events being offered by our partners and get registered today! Your host as usual is Tobias Macey and today I’m interviewing Colin O’Brien about Grapl, an open source platform for detection and response of system security incidents Interview Introductions How did you get introduced to Python? Can you start by describing what Grapl is and the problem that you are trying to solve with it? What was your original motivation to create it? What were the existing options for security detection and response, and how is Grapl differentiated from them? Who is the target audience for the Grapl project? How is the Grapl system architected? How has the design of the system evolved since you first began working on it? How much effort would it be to separate the Grapl architecture from AWS to migrate it to other environments? What have you found to be the benefits of splitting the implementation of the system between Rust for the system and Python for the exploration? What challenges have you faced as a result of working across those languages? What data sources does Grapl use to build its graph of events within a system? Can you talk through the overall workflow for someone using Grapl? What are some examples of the types of exploits that you can identify with Grapl? What are some of the most interesting, unexpected, or innovative ways that you have seen Grapl used? What are some of the most interesting, unexpected, or challenging lessons that you have learned while building it? When is Grapl the wrong choice? What do you have planned for the future of Grapl? Keep In Touch insanitybit on GitHub LinkedIn @InsanityBit on Twitter Picks Tobias Artemis Fowl book series by Eoin Colfer Artemis Fowl Movie Colin PyO3 Closing Announcements Thank you for listening! Don’t forget to check out our other show, the Data Engineering Podcast for the latest on modern data management. Visit the site to subscribe to the show, sign up for the mailing list, and read the show notes. If you’ve learned something or tried out a project from the show then tell us about it! Email hosts@podcastinit.com) with your story. To help other people find the show please leave a review on iTunes and tell your friends and co-workers Join the community in the new Zulip chat workspace at pythonpodcast.com/chat Links Grapl Grapl Security SIEM == Security Information and Event Management Rapid7 Metasploit Insight IDR Erlang DGraph Splunk Elasticsearch AWS Lambda Sysdig Sysmon AWS CloudTrail Guard Duty OpenFaaS AWS SQS DynamoDB PyO3 Dropper Malware SSH Session Hijacking Vagrant The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA