Graph traversals and time travel: incident response in one query language
Blog post from SurrealDB
In the text, Martin Schaer discusses the advantages of using a graph-based model over traditional flat tables for incident response in cybersecurity, particularly when utilizing SurrealDB. Traditional models, such as spreadsheets or flat CMDB tables, are limited to answering basic asset inventory questions and fall short during incidents where understanding the risk and reachability between assets is crucial. By employing a graph model, relationships between nodes (assets, accounts, vulnerabilities) can be directly mapped, enabling efficient queries for determining blast radius, lateral movement, and crown-jewel exposure during an incident. SurrealDB enhances this model by supporting graph traversals and time-travel queries through its VERSION clause, allowing teams to reconstruct incidents accurately by querying historical states of the network. This approach transforms complex recursive joins into straightforward traversals, making critical incident queries more accessible and effective in real-time scenarios. The text encourages users to implement this model by setting up SurrealDB, seeding it with data, and leveraging its capabilities to maintain a live, queryable, and time-traveling security graph for proactive and reactive incident management.