
SLAM: Security.Logging.Alert.Monitoring Platform

"Uniting the Powers of SecOps to Slam Down False Positives and Defeat APTs"

High-Level Overview

SLAM is an enterprise-ready, API-first SaaS platform specializing in cloud detection engineering, hunting, and incident response. Built natively on GCP, it offers seamless integration with existing data lakes and SIEM solutions. SLAM focuses on ingesting Cloud Native and SaaS logs for threat detection, hunting, and incident response, aligning with MITRE ATT&CK and OODA Loop principles.

Core Components

  1. API-First Development: RESTful APIs for deep and robust integrations.
  2. Database: Google Cloud Spanner for scalable and consistent data management.
  3. Security Data Lake: Google BigQuery for fast log querying and long-term storage.
  4. Monitoring & Logging: GCP's Cloud Logging and Cloud Monitoring (formerly Stackdriver) for comprehensive insights.
  5. Security: Vault for secret management, IAM for access control.
  6. CI/CD: GitHub Actions for automated pipelines, integrated with Postman/Newman for API testing.

Advanced Features

  1. Custom Schema Management: Define custom schemas for log transformation.
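
The following is an added example of what schema-driven log transformation looks like in practice; it is not SLAM's own code. It assumes a custom schema is expressed as a mapping from normalized field names to dotted paths into the raw record, that detections are keyed on the normalized fields and tagged with MITRE ATT&CK technique IDs, and that an allowlist of known automation principals suppresses expected changes (the false positives the tagline refers to). The schema field names, the ATT&CK mapping table, the allowlisted principal and the three sample records shaped like GCP Cloud Audit Log entries are all constructed for this example.

```python
import json
from typing import Any

# Hypothetical custom schema: normalized field -> dotted path into the raw record.
# Field names and paths are assumptions for this example, not SLAM's schema.
GCP_AUDIT_SCHEMA = {
    "event_time": "timestamp",
    "actor": "protoPayload.authenticationInfo.principalEmail",
    "action": "protoPayload.methodName",
    "source_ip": "protoPayload.requestMetadata.callerIp",
    "target": "protoPayload.resourceName",
    "resource_type": "resource.type",
}

# Hypothetical detection table: audit-log method -> (ATT&CK technique ID, name).
ATTACK_TAGS = {
    "google.iam.admin.v1.CreateServiceAccountKey": ("T1098.001", "Additional Cloud Credentials"),
    "SetIamPolicy": ("T1098", "Account Manipulation"),
}

# Hypothetical allowlist: automation principals whose key/policy changes are expected.
ALLOWLISTED_ACTORS = {"terraform@example-prod.iam.gserviceaccount.com"}

# Constructed sample records shaped like Cloud Audit Log entries (not real data).
SAMPLE_LOGS = [
    json.dumps({
        "timestamp": "2024-05-01T10:00:00Z",
        "resource": {"type": "service_account"},
        "protoPayload": {
            "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
            "resourceName": "projects/-/serviceAccounts/app@example-prod.iam.gserviceaccount.com",
            "authenticationInfo": {"principalEmail": "alice@example.com"},
            "requestMetadata": {"callerIp": "203.0.113.7"},
        },
    }),
    json.dumps({
        "timestamp": "2024-05-01T10:05:00Z",
        "resource": {"type": "project"},
        "protoPayload": {
            "methodName": "SetIamPolicy",
            "resourceName": "projects/example-prod",
            "authenticationInfo": {"principalEmail": "terraform@example-prod.iam.gserviceaccount.com"},
            "requestMetadata": {"callerIp": "198.51.100.9"},
        },
    }),
    json.dumps({
        "timestamp": "2024-05-01T10:06:00Z",
        "resource": {"type": "gcs_bucket"},
        "protoPayload": {
            "methodName": "storage.objects.get",
            "resourceName": "projects/_/buckets/logs",
            "authenticationInfo": {"principalEmail": "bob@example.com"},
        },
    }),
]


def get_path(record: dict[str, Any], path: str) -> Any:
    """Walk a dotted path through nested dicts; return None if any segment is missing."""
    cur: Any = record
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def normalize(record: dict[str, Any], schema: dict[str, str]) -> dict[str, Any]:
    """Project a raw record onto the custom schema; absent fields become None."""
    return {field: get_path(record, path) for field, path in schema.items()}


def tag_attack(event: dict[str, Any]) -> dict[str, Any]:
    """Attach the ATT&CK tag for the action and decide whether to alert or suppress."""
    technique = ATTACK_TAGS.get(event.get("action"))
    allowlisted = event.get("actor") in ALLOWLISTED_ACTORS
    return {
        **event,
        "attack_id": technique[0] if technique else None,
        "attack_name": technique[1] if technique else None,
        "alert": bool(technique) and not allowlisted,
        "suppressed": bool(technique) and allowlisted,
    }


def run_pipeline(raw_lines: list[str], schema: dict[str, str] = GCP_AUDIT_SCHEMA) -> list[dict[str, Any]]:
    """Parse, normalize and tag each line; malformed JSON is dropped so one bad line cannot stall ingestion."""
    events = []
    for line in raw_lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        events.append(tag_attack(normalize(record, schema)))
    return events


if __name__ == "__main__":
    for ev in run_pipeline(SAMPLE_LOGS):
        print(json.dumps(ev))
```

Because the schema is data rather than code, a second source (a SaaS audit log with different field names) only needs its own mapping table to land in the same normalized shape, which is what lets one detection table and one allowlist serve every ingested log type.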