006 Common Data Models: to use or not?

preview_player
Показать описание
Episode 006 discusses the broader question of whether to use a common data model like Open Cybersecurity Schema Framework (OCSF) or not. It outlines the options including schema-on-write and schema-on-read approaches, and also elucidates the trade-offs especially in the context of Databricks Lakehouse for cybersecurity. The video also demonstrates how you could even query Zeek logs (extracted from PCAP using Zeek) in cloud storage without ingesting that data into delta lake format if you really need to trade performance for cost savings.

All opinions expressed in the video are my own and do not necessarily reflect the views and opinions of my employers past or present.
  1. lipyeow-sec
Рекомендации по теме
006 Common Data 0:08:27

006 Common Data Models: to use or not?

NSO Dev Days: 0:29:42

NSO Dev Days: Common Data Models

Common Data Model 0:14:25

Common Data Model - Mini Tip 1

BioIT 2020 Talk 0:19:48

BioIT 2020 Talk - A Common Data Model

Conceptual vs Logical 0:05:00

Conceptual vs Logical Data Models - What are the key differences?

Common Data Model 0:02:17

Common Data Model

What do we 0:33:10

What do we mean when we say “data model”?

Common Data Model 3:27:23

Common Data Model & Extract, Transform and Load Tutorial

Common Data Model 0:54:45

Common Data Model CDM and Common Data Service CDS Oh My! Stoneridge Confab

How to Accelerate 0:03:35

How to Accelerate CIM Data Models — Splunk for Security Tutorials: Normalisation (Episode 2)

10 Steps to 0:13:41

10 Steps to Optimize Your Data Model in Power BI

DBCC2020 - Common 0:30:18

DBCC2020 - Common Data Model

Data Concepts & 0:11:04

Data Concepts & Types | Intro to BI | Part 6

(3) Kollaboration in 0:07:06

(3) Kollaboration in BIM-Projekten mittels Common Data Environment (CDE) - Christoph Großmann

06: Data Models, 1:29:26

06: Data Models, Schemas, & Google Dremel (BigQuery, Protobuf)

Standardize Your Research 1:19:38

Standardize Your Research Data with the NIH Common Data Elements Repository

How to read 0:06:23

How to read Conceptual Data Models - Ellie.ai

How to Read 0:10:21

How to Read and Understand Common Data Charts

Introduction to Dataverse 0:31:42

Introduction to Dataverse Tables | Common Data Model | How to Create a Table | Shaheer Ahmad

Step 2 - 0:03:23

Step 2 - Common Data: Save time and money in you Civil Design workflow

Data profiling for 0:10:23

Data profiling for data quality assessment - Clinical Data Models and Data Quality Assessments

What is Common 0:02:20

What is Common Data Environment? | Studio4

Master Data Modeling 2:09:21

Master Data Modeling in Power BI - Beginner to Pro Full Course

Why R? Webinar 1:00:53

Why R? Webinar 006 - N.Zumel + J.Mount - Advanced Data Preparation for Supervised Machine Learning

Комментарии
Автор

Mostly semantics, however I would still consider direct queries against the raw files to be part of the medallion model bronze layer, but I would register those as views against the raw files, vs materializing them as bronze delta tables. Those bronze views could still be used as a source for further ELT into silver tables at a later point if needed, or would be read and available for ad-hoc analysis whenever needed.

Also, with different teams, use-cases, and evolution of industry data model preferences over time, there may be situations where the raw data needs to be simultaneously mapped to multiple data models, eg OCSF (relatively new) + CIM (established). In these cases, support for each individual data model would have a discreet schema on read/write mapping decision based on how each model was intended to be utilized and for how long it is expected to be maintained.

rlhf