In the realm of data analysis, context is king. At the outset, it entails core manifestations that extend the awareness domain into more cohesive forms of understanding. Context breathes life into raw input by providing a framework to correctly interpret suitable data points, allowing analysts to discern patterns, detect anomalies, and make informed decisions.
We're talking about contextualization through enrichment—the principled application of additional layers of relevant information and data sources that enhance depth and accuracy. Doubling down on this perspective, fields like cybersecurity have somewhat appropriated these guidelines to deal with a superabundance of system logs, creating a more robust and effective threat detection and response environment; the lack thereof suggests diminished visibility, increased noise and false positives, and reduced proactive threat hunting.
Last month, with the introduction of our no-code, API-driven custom enrichment feature, we took yet another giant leap to empower a broader audience to incorporate data enrichment capabilities into their spreadsheet projects, regardless of technical background. Now, you can open, combine, and explore billion-row log files in Gigasheet and enrich the logs with 3rd party data to gain context, making your log file analysis even more productive.
This article provides an extended backdrop on the significance and impact of such a feature and some of the challenges it addresses.
Let's jump right in.
SecurityTrails: A Case Revisited
As many of you know, our recent "30 Days of Enrichments" initiative showcased multiple no-code API calls made possible by our newest feature: custom enrichment (cURL).
A notable example included SecurityTrails—a leading intel-reconnaissance and threat intelligence provider holding vast amounts of current and historical DNS, IP, and Domain security data. Part of the effort consisted in obtaining hostname details from a list of domains. Informally, pulling hostname information can be like peering through a digital keyhole for cyber researchers.
With this information, researchers can embark on a digital reconnaissance mission, extracting intelligence about an organization's server architecture. Furthermore, hostname information plays a role in malware analysis, whereby investigators can identify command-and-control servers, communication patterns, or malicious domains linked to malware campaigns.
A less conspicuous (yet practical) raison d'être for pulling DNS information has to do with historical records. These can reveal a domain's lifespan, ownership transfers, or potential rebranding efforts. Such knowledge allows researchers to establish a timeline of events, identify past associations, and uncover any suspicious or malicious activities that might have occurred.
Let's revisit how Data Enrichment APIs help our integration needs by opening another sample dataset containing a single hostname: example.com, based on NS records. In Gigasheet, head to the Enrichments function and select Custom Enrichment. Here, we'll be inserting our API call to SecurityTrails in search of nameserver values:
Next, we’ll replace the default oracle.com placeholder in the GET request using the domain column reference:
Finally, we get a preview of the results. Typically, Gigasheet lets you see the first three rows of your new spreadsheet, where you can select any required fields. In our case, it’s just the row containing example.com, so we’re ready to move on by choosing all available records—we’ll do a bit of cleaning up after:
Once finished, Gigasheet will refresh the page and include data from the custom enrichment.
From hereafter, the choice is yours. Log file analysis can take you in many directions, depending on your goals and strategy. A simple use case would be to look for all associated nameservers—we can accomplish this by setting our columns to reflect the following:
After a bit of column renaming, we finally get the results we’re looking for:
Supercharged Log File Analysis
Supercharging your file log analysis should no longer be about lengthy procedures or complicated workflows. Like in the SecurityTrails example, companies can now look to Gigasheet to streamline the API-based data enrichment process seamlessly and intuitively.
By eliminating the need for complex coding or technical expertise, Gigasheet simplifies using data enrichment APIs, enabling cybersecurity teams to focus on analysis and generating actionable intelligence. In fact, with Gigasheet's new no-code API custom enrichment capabilities, organizations can effortlessly retrieve and consolidate valuable data from various sources, empowering them to extract meaningful insights and make informed decisions with unparalleled efficiency.
The ease of a spreadsheet with the power of a database, at cloud scale.
.png)
