Home / Companies / Tinybird / Blog / Post Details
Content Deep Dive

ClickHouse cybersecurity logs

Blog post from Tinybird

Post Details
Company
Date Published
Author
Tinybird
Word Count
1,416
Company Posts That Month
19
Language
English
Hacker News Points
-
Post removed?
No
Summary

Security operations rely heavily on log data from various sources such as firewalls, authentication systems, and cloud audits, requiring rapid ingestion, long-term storage, and efficient query capabilities. Traditional SIEM platforms use costly proprietary technologies, whereas ClickHouse offers an open-source, columnar storage solution optimized for high-volume data ingestion and fast query performance, as demonstrated by its deployment in companies like IBM and Exabeam. The text details how ClickHouse's schema patterns, such as the use of LowCardinality and IPv4 data types, enhance performance for security logs by enabling efficient filtering, aggregation, and compression. It highlights the use of detection queries for identifying security threats, such as brute force attacks and multi-stage attacks, emphasizing the benefits of using materialized views and windowFunnel functions to streamline data processing. Furthermore, it discusses log enrichment techniques using GeoIP data, strategies for cost-effective storage with tiered retention policies, and the option of using managed ClickHouse services like Tinybird for scalable, real-time analytics without the overhead of managing a cluster.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Real-time 3 5,735 1,391 247 -9%
Data Pipeline 1 624 230 79 -19%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.