ClickHouse cybersecurity logs
Blog post from Tinybird
Security operations rely heavily on log data from various sources such as firewalls, authentication systems, and cloud audits, requiring rapid ingestion, long-term storage, and efficient query capabilities. Traditional SIEM platforms use costly proprietary technologies, whereas ClickHouse offers an open-source, columnar storage solution optimized for high-volume data ingestion and fast query performance, as demonstrated by its deployment in companies like IBM and Exabeam. The text details how ClickHouse's schema patterns, such as the use of LowCardinality and IPv4 data types, enhance performance for security logs by enabling efficient filtering, aggregation, and compression. It highlights the use of detection queries for identifying security threats, such as brute force attacks and multi-stage attacks, emphasizing the benefits of using materialized views and windowFunnel functions to streamline data processing. Furthermore, it discusses log enrichment techniques using GeoIP data, strategies for cost-effective storage with tiered retention policies, and the option of using managed ClickHouse services like Tinybird for scalable, real-time analytics without the overhead of managing a cluster.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| Real-time | 3 | 5,735 | 1,391 | 247 | -9% |
| Data Pipeline | 1 | 624 | 230 | 79 | -19% |
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.