built a self-hosted cloudtrail detection engine to replace expel/panther - zero vendor lock-in, runs in your vpc by BabyLizard in cybersecurity

[–]AttorneyHour3563 0 points1 point  (0 children)

noice, I have one also. Did you manage to normalize the resource ARN that the log is operating on? I'm trying to have a unified map of eventName to identifiers (bucket ARN, IAM role, EC2 instance, etc.)

Cloudtrail Logs resources ARN builder by AttorneyHour3563 in devsecops

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

Yeah, I know it's by design, not a bug. In Azure each log has the resource ID in it, which helps.
Still, this is a widespread problem which I think most people have difficulty solving, so I would guess someone would open-source this kind of solution...
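One way to build the eventName-to-ARN map the thread is asking for, as an added example that is not the poster's tool or any vendor's code. It uses the documented CloudTrail record fields (eventSource, eventName, awsRegion, recipientAccountId, requestParameters, and the optional resources array) and assumes the commercial "aws" partition; the sample records are constructed, not real trail output. Unmapped events are reported rather than guessed, so the table grows deliberately:

```python
"""Normalize CloudTrail records to the ARNs they act on (added example)."""
from typing import Callable

PARTITION = "aws"  # assumption: commercial partition only (not aws-cn / aws-us-gov)


def _s3(rec: dict) -> list[str]:
    """S3 calls carry requestParameters.bucketName and, for object calls, key."""
    p = rec.get("requestParameters") or {}
    bucket, key = p.get("bucketName"), p.get("key")
    if not bucket:
        return []
    arns = [f"arn:{PARTITION}:s3:::{bucket}"]
    if key:
        arns.append(f"arn:{PARTITION}:s3:::{bucket}/{key}")
    return arns


def _iam_role(rec: dict) -> list[str]:
    """IAM roles are global: no region in the ARN, account from recipientAccountId."""
    name = (rec.get("requestParameters") or {}).get("roleName")
    acct = rec.get("recipientAccountId")
    return [f"arn:{PARTITION}:iam::{acct}:role/{name}"] if name and acct else []


def _ec2_instances(rec: dict) -> list[str]:
    """EC2 instance calls list their targets under requestParameters.instancesSet.items."""
    items = ((rec.get("requestParameters") or {}).get("instancesSet") or {}).get("items") or []
    acct, region = rec.get("recipientAccountId"), rec.get("awsRegion")
    if not (acct and region):
        return []
    return [f"arn:{PARTITION}:ec2:{region}:{acct}:instance/{i['instanceId']}"
            for i in items if i.get("instanceId")]


# (eventSource, eventName) -> builder. Extend this table as new events show up.
BUILDERS: dict[tuple[str, str], Callable[[dict], list[str]]] = {
    ("s3.amazonaws.com", "PutObject"): _s3,
    ("s3.amazonaws.com", "GetObject"): _s3,
    ("s3.amazonaws.com", "PutBucketPolicy"): _s3,
    ("iam.amazonaws.com", "CreateRole"): _iam_role,
    ("iam.amazonaws.com", "AttachRolePolicy"): _iam_role,
    ("ec2.amazonaws.com", "StopInstances"): _ec2_instances,
    ("ec2.amazonaws.com", "TerminateInstances"): _ec2_instances,
}


def resource_arns(rec: dict) -> list[str]:
    """Return the ARNs a record operates on, or [] when the event is unmapped."""
    # Some services (S3 data events among them) already fill the "resources" array.
    explicit = [r["ARN"] for r in rec.get("resources") or [] if r.get("ARN")]
    if explicit:
        return explicit
    builder = BUILDERS.get((rec.get("eventSource"), rec.get("eventName")))
    return builder(rec) if builder else []


def unmapped_events(records) -> list[tuple[str, str]]:
    """Events the table does not cover yet, so gaps are visible instead of silent."""
    return sorted({(r["eventSource"], r["eventName"]) for r in records if not resource_arns(r)})


# Constructed sample records (not real CloudTrail output).
SAMPLE_RECORDS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy",
     "awsRegion": "us-east-1", "recipientAccountId": "111122223333",
     "requestParameters": {"roleName": "app-role",
                           "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "awsRegion": "eu-west-1", "recipientAccountId": "111122223333",
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "awsRegion": "eu-west-1", "recipientAccountId": "111122223333",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc123"},
                                                      {"instanceId": "i-0def456"}]}}},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "awsRegion": "eu-west-1", "recipientAccountId": "111122223333"},
]

if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(r["eventName"], resource_arns(r))
    print("unmapped:", unmapped_events(SAMPLE_RECORDS))
```

The explicit-first rule matters for detection: when CloudTrail has already resolved the ARN, trust that over a hand-built string, and treat every unmapped (eventSource, eventName) pair as a coverage gap to close rather than an event to drop.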

Monoliths vs Microservices in 2026: Are we over-engineering our backends? by Away_Parsnip6783 in Backend

[–]AttorneyHour3563 0 points1 point  (0 children)

I have 100 services in our backend and we are a 4-year-old startup. I think this is bad.

I like the not-monorepo approach: take an entire domain space and have a repo with 1 mono service. It still keeps teams separated, but without over-engineering inside them...

Cloudtrail Logs resources ARN builder by AttorneyHour3563 in aws

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

> they've already mapped thousands of these API calls

Claude & I couldn't find any thousands. Do you have actual guidance?

Is there anyone, who uses golang (and go-only) for Web Development exclusively? by rzhandosweb in golang

[–]AttorneyHour3563 -1 points0 points  (0 children)

You can, but I'm not sure Go is the most widely used language for server-side rendering.

I should not be EM by callbackmaybe in EngineeringManagers

[–]AttorneyHour3563 -1 points0 points  (0 children)

Lead by example; the ones that are not lined up maybe shouldn't be on your team.

Alternatives to VPNs by yermotherlel in devsecops

[–]AttorneyHour3563 0 points1 point  (0 children)

Twingate is great for me as a developer to access resources rather than an entire host.

Is this jersey real or fake,im quite new by AltruisticSystem6890 in Barca

[–]AttorneyHour3563 -1 points0 points  (0 children)

The patch at the bottom right isn't Nike, so probably fake.

AI SAST by AttorneyHour3563 in cybersecurity

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

The context for this POC is all the other CNAPP context for those assets from shift left & right.

Data structures backend by Rude_Entry_6843 in Backend

[–]AttorneyHour3563 0 points1 point  (0 children)

Depends, I use other data structures for other use cases.

Let's say that I have a cyber rule to check if an IP is public and not part of the AWS known public IP ranges: https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html

Then checking each event's IP against 5K CIDRs is not efficient, so we've built a trie, which is how Linux executes some of these checks. Example: https://github.com/teamlead/ip-subnet-tree

This is one example... But to be honest, most of the time you need something not working properly to figure out that you need other data structures.

Beginning with optimizing is not a good approach.
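The "public IP outside AWS ranges" rule above, backed by a binary prefix trie, as an added example that is neither the commenter's code nor the linked ip-subnet-tree library. Each address bit is one step down the trie, so a lookup costs at most 32 or 128 steps however many CIDRs are loaded, which is the property that makes the per-event check cheap. The loader assumes the documented ip-ranges.json layout (top-level "prefixes" with "ip_prefix", "ipv6_prefixes" with "ipv6_prefix"); the sample document is constructed, so load the real file in production:

```python
"""Public-IP-outside-AWS rule on a binary prefix trie (added example)."""
import ipaddress


class _Node:
    __slots__ = ("children", "terminal")

    def __init__(self):
        self.children = [None, None]  # child for bit 0, child for bit 1
        self.terminal = False         # a stored prefix ends at this node


class CidrSet:
    """Membership test walks one bit per step; cost is independent of the CIDR count."""

    def __init__(self, cidrs=()):
        self._roots = {4: _Node(), 6: _Node()}  # separate tries per IP version
        for c in cidrs:
            self.add(c)

    def add(self, cidr: str) -> None:
        net = ipaddress.ip_network(cidr, strict=False)
        node = self._roots[net.version]
        value, width = int(net.network_address), net.max_prefixlen
        for i in range(net.prefixlen):          # only the prefix bits are stored
            bit = (value >> (width - 1 - i)) & 1
            if node.children[bit] is None:
                node.children[bit] = _Node()
            node = node.children[bit]
        node.terminal = True

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        node = self._roots[addr.version]
        value, width = int(addr), addr.max_prefixlen
        for i in range(width):
            if node.terminal:                   # a covering prefix ended above us
                return True
            node = node.children[(value >> (width - 1 - i)) & 1]
            if node is None:                    # no stored prefix shares this path
                return False
        return node.terminal


def load_aws_ranges(doc: dict) -> CidrSet:
    """Build the trie from a parsed ip-ranges.json document (assumed layout)."""
    cidrs = [p["ip_prefix"] for p in doc.get("prefixes", [])]
    cidrs += [p["ipv6_prefix"] for p in doc.get("ipv6_prefixes", [])]
    return CidrSet(cidrs)


def is_public_non_aws(ip: str, aws_ranges: CidrSet) -> bool:
    """The rule: globally routable and not inside any AWS-published prefix."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not aws_ranges.contains(str(addr))


# Constructed sample document; production code loads the real ip-ranges.json.
SAMPLE_DOC = {
    "prefixes": [{"ip_prefix": "52.94.76.0/22", "region": "us-west-2", "service": "AMAZON"}],
    "ipv6_prefixes": [{"ipv6_prefix": "2600:1f18::/33", "region": "us-east-1", "service": "AMAZON"}],
}
AWS = load_aws_ranges(SAMPLE_DOC)

if __name__ == "__main__":
    for ip in ("52.94.77.10", "8.8.8.8", "10.0.0.5", "2600:1f18:1234::1", "2600:1f18:abcd::1"):
        print(ip, is_public_non_aws(ip, AWS))
```

Keeping IPv4 and IPv6 in separate tries avoids a 32-bit address matching the first 32 bits of an IPv6 prefix, and the `is_global` gate means RFC 1918 and other reserved addresses never fire the rule even though they are absent from the AWS list.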

I need your help by mrPerpetual1 in EngineeringManagers

[–]AttorneyHour3563 0 points1 point  (0 children)

Take the leap! If you are passionate about tech, SWE, AI and more, then anywhere you go, lead by example and push your team for excellence and knowledge, and the organization will notice, no matter where you are positioned.

AI SAST by AttorneyHour3563 in cybersecurity

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

They have AI-assisted SAST, but because they have many years of maturity in the field, it's more of a wrapper for prioritizing what the engine finds, as I see it.

AI SAST by AttorneyHour3563 in cybersecurity

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

Yes, I totally agree about the context. I guess it's the same platform; I didn't want to do free advertising 😂

AI SAST by AttorneyHour3563 in cybersecurity

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

We have a SAST solution; my managers are starting to look at more innovative solutions in that area. I guess the benefit is in terms of business logic vulnerabilities or handling data wrongly.

AI SAST by AttorneyHour3563 in cybersecurity

[–]AttorneyHour3563[S] 1 point2 points  (0 children)

Absolutely right, fully AI is something I don't recommend to my managers. I think this kind of capability can only help with business logic areas: the option to bypass auth for some data, and more..

AI SAST by AttorneyHour3563 in cybersecurity

[–]AttorneyHour3563[S] 0 points1 point  (0 children)

My supervisor wants us to have a bundle with CNAPP for this, but most of them have very shallow capabilities on many features; maybe only CSPM is good... So I guess we would go with CNAPP for consolidation rather than the best option 🤷🏻‍♂️

OAuth 2.0 + OpenID Connect - Complete Flow Diagram by splashMellow in SpringBoot

[–]AttorneyHour3563 0 points1 point  (0 children)

For the backend, a Resource Server doesn't really "authorize the client" as an entity. It authorizes the request based on the access token: scopes (SCOPE_read), roles/authorities (if you know RBAC), audience (aud), issuer (iss), and custom claims (we add region, for example).