January 14, 2024

Cloud IP Address Enrichment Redesign

by John Lukach

Distillery was the most expensive code I ran in my Amazon Web Services (AWS) environment to support incident response, and it did not support offline data enrichment for threat detection or machine-learning work either. I still needed the capabilities, but it was time for improvements.

  1. Removed Docker containers, as patching is an endless task
  2. Improved code structure, quickly adding eight new sources
  3. Limited frequency checks from hourly to daily
  4. Switched from DynamoDB to SQLite database
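As an added example of the SQLite-backed, offline enrichment the list above describes (this is illustrative code written for this page, not Distillery's own code): the provider ranges are stored as fixed-width hex keys so a single `BETWEEN` query serves both IPv4 and IPv6, and overlapping ranges resolve to the most specific prefix. The sample ranges are constructed documentation/test networks, not real provider data; a real feed would be refreshed from each provider's published list on the daily schedule.

```python
import ipaddress
import sqlite3

# Constructed sample ranges (documentation networks), NOT real provider data.
# Overlapping entries are included on purpose: the /26 is more specific than the /24.
SAMPLE_RANGES = [
    ("aws", "us-east-1", "AMAZON", "203.0.113.0/24"),
    ("aws", "us-east-1", "EC2", "203.0.113.0/26"),
    ("azure", "westeurope", "AzureCloud", "198.51.100.0/25"),
    ("gcp", "us-central1", "Google Cloud", "2001:db8:1::/48"),
]


def _key(addr):
    # 32 hex digits (128 bits) so lexical comparison orders IPv4 and IPv6 correctly.
    return f"{int(addr):032x}"


def build_db(ranges, path=":memory:"):
    """Load (provider, region, service, cidr) tuples into a SQLite table."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS ranges ("
        "provider TEXT, region TEXT, service TEXT, cidr TEXT, "
        "prefixlen INTEGER, start_key TEXT, end_key TEXT)"
    )
    conn.execute("CREATE INDEX IF NOT EXISTS idx_range ON ranges(start_key, end_key)")
    rows = []
    for provider, region, service, cidr in ranges:
        net = ipaddress.ip_network(cidr, strict=False)
        rows.append((provider, region, service, cidr, net.prefixlen,
                     _key(net[0]), _key(net[-1])))
    conn.executemany("INSERT INTO ranges VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def enrich(conn, ip):
    """Return the most specific matching range as a dict, or None if no match/invalid."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # malformed input from a log line is not an error worth raising
    row = conn.execute(
        "SELECT provider, region, service, cidr FROM ranges "
        "WHERE ? BETWEEN start_key AND end_key "
        "ORDER BY prefixlen DESC LIMIT 1",
        (_key(addr),),
    ).fetchone()
    if row is None:
        return None
    return dict(zip(("provider", "region", "service", "cidr"), row))


def enrich_events(conn, events, field="src_ip"):
    """Attach a 'cloud' key to each event dict; None when the IP is not a known cloud range."""
    out = []
    for event in events:
        enriched = dict(event)
        enriched["cloud"] = enrich(conn, event.get(field, ""))
        out.append(enriched)
    return out


if __name__ == "__main__":
    db = build_db(SAMPLE_RANGES)
    # Constructed sample events, as they might come from a flow log.
    sample = [{"src_ip": "203.0.113.5"}, {"src_ip": "198.51.100.200"}, {"src_ip": "2001:db8:1::1"}]
    for e in enrich_events(db, sample):
        print(e)
```

Lookups run entirely against the local file, so the same database can be shipped alongside a detection job or a feature-extraction pipeline with no per-query network or DynamoDB cost.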

tags: Cloud - IP - SQLite