Developer Builds AI-Powered SOC Analyst Using Microsoft Sentinel and Google Gemini

·1 views

A developer has created an agentic Security Operations Center (SOC) analyst that combines Microsoft Sentinel, Azure Log Analytics, and Google Gemini to automate threat-hunting workflows. The system converts natural-language queries into Kusto Query Language (KQL), executes them against Azure Log Analytics, and returns structured findings with MITRE ATT&CK technique mappings. Every table and field selected by the AI model is validated against a strict allow-list before any query runs, preventing hallucinated or unsupported inputs from reaching Azure infrastructure. To enable safe testing without exposing real data, the developer also built utilities to generate synthetic log datasets that can be ingested into test workspaces. The project is ongoing, with planned improvements including multi-step investigation planning, better evidence correlation, and support for additional SIEM platforms.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Open-Source Tool 'higi' Claims to Auto-Repair Malformed LLM Outputs in Under 15 Microseconds

A developer has released an open-source Python library called 'higi' designed to prevent production crashes caused by malformed or truncated JSON outputs from large language models like OpenAI and Gemini. The tool acts as a middleware layer that intercepts raw LLM strings before they reach application logic, automatically fixing common issues such as missing brackets, Python-style single quotes, and incorrect boolean formatting. Using a single decorator called @shield, developers define a target data schema and a fallback state, ensuring their functions always receive clean, correctly typed data. Benchmarks conducted over 50,000 iterations show the healing process adds roughly 15 microseconds of latency per call, which the author notes is negligible compared to a typical LLM response time of around one second. The library is available on PyPI via 'pip install higi' and its source code is hosted on GitHub.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Why Your CSS Reset Should Be the First Layer of Your Design System

Developers building design systems often start with generic community CSS resets like Normalize.css or Eric Meyer's Reset, but these tools are deliberately universal and know nothing about a project's specific design language. This creates a redundant workflow where designers must apply their typeface, spacing, color, and focus styles on top of defaults they will inevitably override. The article argues that a CSS reset should encode design tokens — such as typography, color, and spacing variables — directly, rather than serving as a neutral prerequisite. By compiling design tokens into CSS custom properties and writing the reset against those variables, teams establish a single source of truth from the very first stylesheet. This approach eliminates invisible dependencies and redundant style declarations that otherwise spread across every component in the system.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How Nod Builds Secure, Auditable Human Approval Workflows

Nod is a workflow platform that treats human approvals as a formal security system rather than a simple UI interaction. Each approval is stored as persistent state with statuses such as pending, approved, rejected, expired, or canceled, ensuring only one final decision is accepted even under race conditions. The platform integrates with Slack by verifying message signatures, validating approval context, and updating messages after a decision to prevent reuse of old action buttons. Nod also signs all webhook callbacks so downstream applications can cryptographically verify requests before proceeding. The system is designed around core principles including authorization, idempotency, expiration handling, webhook signing, retry logic, and audit logging.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Why hiding complexity in distributed systems creates more problems than it solves

Engineers building distributed system platforms often mistake hiding complexity for managing it, resulting in fragile systems that appear simple but behave unpredictably under real-world conditions. A true abstraction transforms complexity into a manageable form by handling concerns like retries, idempotency, and conflict resolution, whereas an illusion merely wraps underlying problems in a cleaner interface. Shortcuts driven by delivery pressure — such as caching layers without proper eviction or consistency policies — tend to collapse when systems face production load. Experts argue that platforms should instead expose meaningful trade-offs, such as those defined by the CAP theorem, and provide users with tools to navigate them. While this approach demands greater upfront investment, it yields more robust, predictable, and maintainable distributed systems over time.

0 comments Read more at DEV Community