You can collect API responses,files and screenshots in a datal lake or using frozen lake. You can easily expand frozen lake with your own collectors or use the built in ones. Data can be stored in self hosted storage or using s3 protocol in the cloud. You can apply pattern matching at scale to the collected data to assess compliance in near real time. Monitor your controls and comply with various control frameworks like nist sp800-53, ISO27001 or PCI-DSS. Perform what-if analysis to proactively identify gaps before going into an audit or even during planning the introduction of a new compliance regiment. Compliance doesn’t need to be painful even if you are an engineer.
Features: - Flexible framework to collect data from virtually any source. - Trigger data collection on a schedule or on certain events. - Data quality checks are built-in to make sure completeness,accuracy and timeliness of the data you collect. - Built-in rule set and data mapping to get you going in minutes rather than months. - You need something more bespoken? Build your own rules or connectors quickly and easily. - Your data is under your control no fine prints. Store your data on your storage or move it to any cloud provider, you can even mix and match and move data around anytime. - Go beyond pattern matching by running analytics and get the right metrics to improve your decision making.
Have you ever wished that storing logs and searching them would be cheap and easy? Get you logs collected and stored on disk and query them using SQL. No need to setup complicated infrastructure and you can store your data either on the cloud or locally, you can even mix and match. Get used to sub second queries by moving processing next to your logs on a single server or even on your dev laptop.
Features: - Optimisied for low latency during search. - Single binary for ease of use - Data portability by using transparent standard formats and structures - Self-hosted to ensure privacy and security
## AppSec ruler
Get feedback from your developers on the configuration of your security tooling. By getting feedback on each finding or rule you can quickly catch rules that generate noise rather than insights. Track your static analyser findings and ruleset in a central location and synchronise them across pipelines and local development environments.
Features: - collect findings from any tool supporting sarif format - manage stratic analyser ruleset in multiple pipelines even in your local IDE - run analytics and gain insight on the findings to optimise your ruleset and manage exclusions - get rid of inline exclusions that quickly got forgotten and out of date
If you want o be the first one to try and influence the roadmap contact us.