Panther Labs Glossary

Filters, monitors, and blocks HTTP traffic to and from a web service, and is a type of application firewall. It can prevent attacks that exploit a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and poor system configuration, by examining HTTP traffic.

Web application firewall

A data lake is a system or repository that stores data in its natural/raw form, commonly in the form of object blobs or files. A data lake is a collection of data that includes unprocessed copies of source system data, sensor data, social data, and converted data for reporting, visualization, advanced analytics, and machine learning.

Data Lake

Security information and event management (SIEM) is a subset of computer security that combines security information management (SIM) with security event management (SEM) in software products and services (SEM). They analyze security alarms issued by apps and network devices in real time.

Security Information and Event Management

The collecting of data such as log files into a single repository for trend analysis is referred to as security information management in the information security business.

Security Information Management

Computer security disciplines such as security event management, SIM, and SIEM employ data inspection tools to centralize the storage and analysis of logs or events created by other software running on a network.

Security Event Management

The same way infrastructure as code and configuration-as-code are about machine-readable specification files and descriptive models for constructing infrastructure at scale, detection-as-code is a methodical, flexible, and complete approach to threat detection driven by software.

Detection as Code

is the idea that an IT environment may become so automated and separated from its underlying infrastructure that it no longer requires an in-house software management staff. Maintenance and other functions performed by the operations staff would be automated under a NoOps situation.

Zero Operations

No Operations

Cloud-first strategies are operational methods in which teams shift all or most of their infrastructure to cloud computing platforms such as Amazon Web Services, Google Cloud, or Microsoft Azure. They store resources—even mission-critical and secure resources—in the cloud rather than employing physical resources like server clusters.

Cloud-first

is an interpreted high-level general-purpose programming language. Python's design philosophy emphasizes code readability with its notable use of significant indentation. [Wikipedia]

Python Programming Language

is the practice of merging all developers' working copies to a shared mainline several times a day. Grady Booch first proposed the term CI in his 1991 method, although he did not advocate integrating several times a day. [Wikipedia]

Continuous integration

is a software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time and, when releasing the software, without doing so manually. It aims at building, testing, and releasing software with greater speed and frequency. [Wikipedia]

Continuous delivery

A data warehouse, also known as an enterprise data warehouse, is a reporting and data analysis system that is an important part of business intelligence. DWs are central data warehouses that combine data from a variety of sources.

Data Warehouse

is a software licensing and delivery strategy in which software is licensed and hosted centrally on a subscription basis.

Software as a service

On-premises software (also known as on-premises, and sometimes shortened on-prem) is installed and executed on computers on the user's or organization's premises, rather than at a remote facility like a server farm or cloud.

On-premises software

In computer forensics, an indicator of compromise is an artifact found on a network or in an operating system that strongly suggests a computer breach.

Indicator of compromise

An IP address (Internet Protocol address) is a numerical designation, such as 192.0.2.1, that is associated with a computer network that communicates using the Internet Protocol.

IP address

Within a federation or dispersed network, it is a system entity that produces, maintains, and manages identity information for principals, as well as providing authentication services to reliant applications.

Identity Provider

is an Amazon company that offers metered pay-as-you-go cloud computing platforms and APIs to people, businesses, and governments. These web services for cloud computing include a variety of fundamental abstract technological infrastructure and distributed computing building blocks and utilities.

Amazon Web Services

Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface. Amazon S3 uses the same scalable storage infrastructure that Amazon.com uses to run its global e-commerce network. [Wikipedia]

Amazon S3

The Application Load Balancer is an Elastic Load Balancing technology that lets developers design and redirect incoming end-user traffic to AWS public cloud applications.

Application Load Balancer

is an open standard file format and data exchange format that stores and transmits data objects made up of attribute–value pairs and arrays using human-readable language. It's a popular data format with a wide range of applications in electronic data interchange, including online applications that communicate with servers.

JavaScript Object Notation

is a curated knowledge base and model for cyber adversary behavior that reflects the many stages of an adversary's attack lifecycle as well as the platforms they are known to target.

MITRE Adversarial Tactics, Techniques, and Common Knowledge

is a 501 non-profit corporation founded in October of 2000. Its purpose is to make the connected world a safer place by creating, validating, and promoting timely best practice solutions that assist individuals, organizations, and governments in defending themselves against widespread cyber threats.

Center for Internet Security

SOAR platforms are a set of security software solutions and applications that allow you to browse and collect data from a range of sources. SOAR enables businesses to gather threat-related data from a variety of sources and automate threat responses.

Security Orchestration, Automation and Response

Amazon Web Services provides an application program interface (API) for call recording and log monitoring (AWS). AWS CloudTrail enables AWS customers to record API calls and store the resulting log files in Amazon S3 buckets.

AWS CloudTrail

is an on-demand adjustable pool of shared resources allocated inside a public cloud environment that provides a degree of isolation between the many companies (hence referred to as users) who use the resources. The isolation of one VPC user from all other users of the same cloud (both VPC and public cloud users) is often done by allocating a private IP subnet and a virtual communication construct (such as a VLAN or a set of encrypted communication channels) per user.

Virtual private cloud

is a set of corporate procedures, regulations, and technology designed to make managing electronic or digital identities easier. Information technology (IT) administrators may regulate user access to vital information within their businesses using an IAM architecture.

AWS Identity and Access Management

is a cryptographic network protocol for running network services across an unprotected network in a safe manner. Remote command-line, login, and command execution are common uses, although SSH may be used to protect any network service.

Secure Shell

is the process of transferring data from one or more sources into a destination system that portrays the data differently or in a different context than the source(s) (s). In the 1970s, the ETL process became a popular idea, and it is now widely employed in data warehousing.

Extract, transform, load

is a standardized programming language for managing relational databases and performing different operations on the data contained inside them. Following its introduction in the late 1970s and early 1980s, SQL became the de facto standard programming language for relational databases.

Structured Query Language

Ceki Gülcü created a Java-based logging program called logger. It's part of the Apache Software Foundation's Apache Logging Services project. One of numerous Java logging frameworks is Log4j.

Apache Log4j

is a database of information security concerns that have been made public. A CVE number is a unique identifier for one of the vulnerabilities in the list. CVE and its accompanying CVSS ratings are commonly used by businesses for vulnerability management planning and prioritizing.

Common Vulnerabilities and Exposures

is a type of cyber-attack in which an attacker may remotely execute commands on another person's computer. Remote code executions (RCEs) are generally caused by harmful software that the host has downloaded and can occur independent of the device's geographic location.

Remote code execution

is a tool for discriminating between interleaved log data from various sources. When a server is handling several clients near-simultaneously, log output is frequently interleaved. The MDC is controlled on a thread-by-thread basis.

Mapped Diagnostic Context

is a JavaTM programming language application programming interface (API) that offers name and directory capabilities to JavaTM applications. It's designed to work with any directory service solution.

Java Naming and Directory Interface

is a physical or logical subnetwork that houses and exposes an organization's external-facing services to an untrusted, generally bigger network like the Internet.

Demilitarized Zone

is a US federal agency that operates under the Department of Homeland Security's supervision. The National Protection and Programs Directorate's activities are carried on by it.

Cybersecurity and Infrastructure Security Agency

is a software protocol that allows anybody to find information about organizations, persons, and other resources in a network, including as files and devices, whether on the public Internet or on a corporate Intranet.

Lightweight Directory Access Protocol

is the full domain name for a specific machine on the internet, often known as a host. The hostname and the domain name are the two elements of the FQDN. An FQDN for a hypothetical mail server may be mymail.somecollege.edu, for example.

Fully Qualified Domain Name

is one of the Internet protocol suite's most important protocols. Its origins may be traced back to the first network implementation, when it was used to supplement the Internet Protocol (IP). As a result, TCP/IP is usually used to refer to the full suite. TCP ensures that a stream of octets (bytes) is delivered in a reliable, orderly, and error-checked manner between applications operating on hosts connected by an IP network. TCP, which is part of the TCP/IP suite, is used by major internet services such as the World Wide Web, email, remote administration, and file transfer. SSL/TLS is frequently used in conjunction with TCP.

Transmission Control Protocol

is one of the Internet protocol suite's most important members. Computer programs can deliver messages, referred to as datagrams in this example, to other hosts on an Internet Protocol (IP) network using UDP. Setting up communication channels or data pathways does not necessitate prior communication.

User Datagram Protocol

As part of a communications protocol, a signal is delivered between communicating processes, computers, or devices to indicate receipt of a message.

Acknowledgement

is a method of administering and deploying computer data centers using machine-readable definition files rather than physical hardware or interactive setup tools.

Web application firewall (WAF)

All terms

Create your own glossaries

Web application firewall .css-1mncdf{color:var(--chakra-colors-blue-200);}(WAF)

All terms

Create your own glossaries

Web application firewall (WAF)