redman25 10 hours ago

Seems to me like the value of a threat detection platform would be the detections themselves. With just the platform, and no detections, you have a foundation but the bulk of the work hasn't been started yet. If you're large enough to need a threat detection platform, you're probably large enough to be able to afford a product that has security engineers behind it constantly pumping out new detections for novel vulnerabilities.

  • NitpickLawyer 10 hours ago

    Two areas where this could help, at a first glance - 1. speed up new pipelines / connectors / onboarding for new tools and 2. SNR for alerts based on integration with LLMs. There is a lot of low-hanging fruit in having an "agentic" system look over alerts that traditionally were just muted based on heuristic thresholds, just in case something important slips through. Being MIT of course helps with both.