Code execution

Analysts can insert their own source code into the transformation pipelines framework, and the inserted code is executed as part of log processing. This provides six key advantages:

  1. Flexibility and customization – Analysts can implement tailored, unrestricted logic for parsing, enrichment, or filtering that directly addresses specific client requirements or threat scenarios, without waiting for new product releases.

  2. Increased autonomy – SOC teams gain independence from external tools or third-party modules. Analysts can directly extend the processing pipeline with their own expertise, reducing dependency on vendor-driven updates.

  3. Faster response to emerging needs – Integration of new data sources, formats or normalization rules can be implemented immediately, accelerating the adaptation of the platform to evolving threats.

  4. Unlimited processing capabilities – Because custom code can be executed, analysts are not constrained by the pre-defined transformation types. They can design any logic required for complex workflows, providing virtually unlimited processing options.

  5. Knowledge codification – The approach makes it possible to capture and operationalize the domain expertise of analysts in code form, ensuring that best practices and advanced techniques are shared and reused across the SOC.

  6. Operational efficiency – Reducing the need for manual workarounds or external preprocessing tools saves time, simplifies workflows, and decreases the overall operational cost of managing multi-client environments.
