{"id":9332,"date":"2020-05-13T02:00:07","date_gmt":"2020-05-13T09:00:07","guid":{"rendered":"http:\/\/softwareengineeringdaily.com\/?p=9332"},"modified":"2021-02-12T17:33:53","modified_gmt":"2021-02-13T01:33:53","slug":"grapl-graph-based-detection-and-response-with-colin-obrien","status":"publish","type":"post","link":"https:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/","title":{"rendered":"Grapl: Graph-Based Detection and Response with Colin O&#8217;Brien"},"content":{"rendered":"<p><img data-attachment-id=\"2475\" data-permalink=\"https:\/\/softwareengineeringdaily.com\/2016\/04\/19\/googles-container-management-brendan-burns\/brendan-burns\/\" data-orig-file=\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2016\/04\/brendan-burns.jpg?fit=175%2C175&amp;ssl=1\" data-orig-size=\"175,175\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"brendan-burns\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2016\/04\/brendan-burns.jpg?fit=175%2C175&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2016\/04\/brendan-burns.jpg?fit=175%2C175&amp;ssl=1\" decoding=\"async\" loading=\"lazy\" class=\"alignright size-full wp-image-2475\" style=\"border-radius: 50%; border: 1px solid #000000; max-width: 175px; max-height: 175px;\" src=\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2020\/05\/ColinOBrien.jpeg?resize=175%2C175&#038;ssl=1\" width=\"175\" height=\"175\" data-recalc-dims=\"1\" \/><\/p>\n<p><span style=\"font-weight: 400;\">A large software company such as Dropbox is at a constant risk of security breaches. These security breaches can take the form of social engineering attacks, network breaches, and other malicious adversarial behavior. This behavior can be surfaced by analyzing collections of log data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Log-based threat response is not a new technique. But how should those logs be analyzed? Grapl is a system for modeling log data as a graph, and analyzing that graph for threats based on how nodes in the graph have interacted. By building a graph from log data, Grapl can classify interaction patterns that correspond to threats.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Colin O\u2019Brien is the creator of Grapl, and he joins the show to discuss security, as well as threat detection and response.<\/span><\/p>\n<p>Sponsorship inquiries:\u00a0<a href=\"mailto:sponsor@softwareengineeringdaily.com\">sponsor@softwareengineeringdaily.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A large software company such as Dropbox is at a constant risk of security breaches. These security breaches can take the form of social engineering attacks, network breaches, and other malicious adversarial behavior. This behavior can be surfaced by analyzing collections of log data. Log-based threat response is not a new technique. But how should<\/p>\n","protected":false},"author":3,"featured_media":9340,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"Grapl: Graph-Based Detection and Response with Colin O'Brien @insanitybit @graplsec","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1363,2143,14,1083],"tags":[3732,3736,3733,3735,3737,3738,3734],"jetpack_publicize_connections":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Grapl: Graph-Based Detection and Response with Colin O&#039;Brien - Software Engineering Daily<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Grapl: Graph-Based Detection and Response with Colin O&#039;Brien - Software Engineering Daily\" \/>\n<meta property=\"og:description\" content=\"A large software company such as Dropbox is at a constant risk of security breaches. These security breaches can take the form of social engineering attacks, network breaches, and other malicious adversarial behavior. This behavior can be surfaced by analyzing collections of log data. Log-based threat response is not a new technique. But how should\" \/>\n<meta property=\"og:url\" content=\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\" \/>\n<meta property=\"og:site_name\" content=\"Software Engineering Daily\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-13T09:00:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-13T01:33:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2020\/05\/Grapl.png?fit=1530%2C742\" \/>\n\t<meta property=\"og:image:width\" content=\"1530\" \/>\n\t<meta property=\"og:image:height\" content=\"742\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"SE Daily\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@software_daily\" \/>\n<meta name=\"twitter:site\" content=\"@software_daily\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SE Daily\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\"},\"author\":{\"name\":\"SE Daily\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/822f06fe7d6f895baba29a9c0a3aa6c8\"},\"headline\":\"Grapl: Graph-Based Detection and Response with Colin O&#8217;Brien\",\"datePublished\":\"2020-05-13T09:00:07+00:00\",\"dateModified\":\"2021-02-13T01:33:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\"},\"wordCount\":138,\"publisher\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\"},\"keywords\":[\"Colin O'Brien\",\"graph\",\"Grapl\",\"log-based threat response\",\"modeling log data\",\"security breach\",\"threat response\"],\"articleSection\":[\"All Content\",\"Exclusive Content\",\"Podcast\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\",\"url\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\",\"name\":\"Grapl: Graph-Based Detection and Response with Colin O'Brien - Software Engineering Daily\",\"isPartOf\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#website\"},\"datePublished\":\"2020-05-13T09:00:07+00:00\",\"dateModified\":\"2021-02-13T01:33:53+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/softwareengineeringdaily.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Grapl: Graph-Based Detection and Response with Colin O&#8217;Brien\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#website\",\"url\":\"https:\/\/softwareengineeringdaily.com\/\",\"name\":\"Software Engineering Daily\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/softwareengineeringdaily.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\",\"name\":\"Software Engineering Daily\",\"url\":\"https:\/\/softwareengineeringdaily.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2022\/01\/cropped-logo-new.png?fit=296%2C139&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2022\/01\/cropped-logo-new.png?fit=296%2C139&ssl=1\",\"width\":296,\"height\":139,\"caption\":\"Software Engineering Daily\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/twitter.com\/software_daily\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/822f06fe7d6f895baba29a9c0a3aa6c8\",\"name\":\"SE Daily\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b92f4cf3dc4d94f73834f83e2a22a372?s=96&d=retro&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b92f4cf3dc4d94f73834f83e2a22a372?s=96&d=retro&r=pg\",\"caption\":\"SE Daily\"},\"description\":\"The SE Daily podcast.\",\"sameAs\":[\"https:\/\/softwareengineeringdaily.com\"],\"url\":\"https:\/\/softwareengineeringdaily.com\/author\/erikawho\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Grapl: Graph-Based Detection and Response with Colin O'Brien - Software Engineering Daily","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/","og_locale":"en_US","og_type":"article","og_title":"Grapl: Graph-Based Detection and Response with Colin O'Brien - Software Engineering Daily","og_description":"A large software company such as Dropbox is at a constant risk of security breaches. These security breaches can take the form of social engineering attacks, network breaches, and other malicious adversarial behavior. This behavior can be surfaced by analyzing collections of log data. Log-based threat response is not a new technique. But how should","og_url":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/","og_site_name":"Software Engineering Daily","article_published_time":"2020-05-13T09:00:07+00:00","article_modified_time":"2021-02-13T01:33:53+00:00","og_image":[{"width":1530,"height":742,"url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2020\/05\/Grapl.png?fit=1530%2C742","type":"image\/png"}],"author":"SE Daily","twitter_card":"summary_large_image","twitter_creator":"@software_daily","twitter_site":"@software_daily","twitter_misc":{"Written by":"SE Daily","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/#article","isPartOf":{"@id":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/"},"author":{"name":"SE Daily","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/822f06fe7d6f895baba29a9c0a3aa6c8"},"headline":"Grapl: Graph-Based Detection and Response with Colin O&#8217;Brien","datePublished":"2020-05-13T09:00:07+00:00","dateModified":"2021-02-13T01:33:53+00:00","mainEntityOfPage":{"@id":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/"},"wordCount":138,"publisher":{"@id":"https:\/\/softwareengineeringdaily.com\/#organization"},"keywords":["Colin O'Brien","graph","Grapl","log-based threat response","modeling log data","security breach","threat response"],"articleSection":["All Content","Exclusive Content","Podcast","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/","url":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/","name":"Grapl: Graph-Based Detection and Response with Colin O'Brien - Software Engineering Daily","isPartOf":{"@id":"https:\/\/softwareengineeringdaily.com\/#website"},"datePublished":"2020-05-13T09:00:07+00:00","dateModified":"2021-02-13T01:33:53+00:00","breadcrumb":{"@id":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/softwareengineeringdaily.com\/2020\/05\/13\/grapl-graph-based-detection-and-response-with-colin-obrien\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/softwareengineeringdaily.com\/"},{"@type":"ListItem","position":2,"name":"Grapl: Graph-Based Detection and Response with Colin O&#8217;Brien"}]},{"@type":"WebSite","@id":"https:\/\/softwareengineeringdaily.com\/#website","url":"https:\/\/softwareengineeringdaily.com\/","name":"Software Engineering Daily","description":"","publisher":{"@id":"https:\/\/softwareengineeringdaily.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/softwareengineeringdaily.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/softwareengineeringdaily.com\/#organization","name":"Software Engineering Daily","url":"https:\/\/softwareengineeringdaily.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2022\/01\/cropped-logo-new.png?fit=296%2C139&ssl=1","contentUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2022\/01\/cropped-logo-new.png?fit=296%2C139&ssl=1","width":296,"height":139,"caption":"Software Engineering Daily"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/software_daily"]},{"@type":"Person","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/822f06fe7d6f895baba29a9c0a3aa6c8","name":"SE Daily","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b92f4cf3dc4d94f73834f83e2a22a372?s=96&d=retro&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b92f4cf3dc4d94f73834f83e2a22a372?s=96&d=retro&r=pg","caption":"SE Daily"},"description":"The SE Daily podcast.","sameAs":["https:\/\/softwareengineeringdaily.com"],"url":"https:\/\/softwareengineeringdaily.com\/author\/erikawho\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2020\/05\/Grapl.png?fit=1530%2C742&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7GuoD-2qw","_links":{"self":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts\/9332"}],"collection":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/comments?post=9332"}],"version-history":[{"count":0,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts\/9332\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/media\/9340"}],"wp:attachment":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/media?parent=9332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/categories?post=9332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/tags?post=9332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}