In recent months I saw various posts on the Databricks Security Analysis Tool (SAT), which is very valuable to me and really helps me architect the Databricks platform at scale. SAT is really about protecting the front door: making sure nobody gets in or out.
But what if the attackers are already in? What if somebody from your own organization is leaking your data? And maybe you’re asking yourself right now: would I even know if that were the case in our Databricks environment?
So while studying these scenarios, Databricks themselves pointed me to the following GitHub project: databricks-solutions/cybersec-workspace-detection-app (Databricks System Access Audit Detections for Security Teams). I would really advise everybody who values security on Databricks to have a look at it.
In a nutshell, you’ll get this (as stated in the GitHub project):
This detection app provides 30+ pre-built security detection notebooks designed for security operations teams to monitor Databricks workspace activities. The detections cover various security scenarios including:
Authentication & Access Control: Token creation/deletion, MFA changes, SSO configuration changes
User Management: Account creation/deletion, role modifications, group changes
Session Security: Session hijacking detection, multi-device login patterns
Administrative Activity: Privilege escalation, admin activity spikes
Audit & Compliance: Verbose logging changes, audit configuration tampering
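To make the "multi-device login patterns" and "admin activity spikes" categories concrete, here is an added example (my own illustration, not one of the project's notebooks) of what such detections look like when run over audit events. It uses plain Python on a handful of constructed rows so it runs offline; in a workspace the same logic would be a SQL or PySpark query over the system.access.audit table. The column names (event_time, user_identity.email, service_name, action_name, source_ip_address, user_agent) follow the documented audit schema as I understand it, the admin action names in ADMIN_ACTIONS are assumed for illustration, and every event row is invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events shaped like Databricks' system.access.audit table.
# Column names are an assumption based on the documented schema; the rows
# themselves, users, IPs and user agents are all invented for this example.
def _ev(ts, email, service, action, ip, ua):
    return {
        "event_time": datetime.fromisoformat(ts),
        "user_identity": {"email": email},
        "service_name": service,
        "action_name": action,
        "source_ip_address": ip,
        "user_agent": ua,
    }

SAMPLE_EVENTS = [
    # alice: ordinary single-device activity
    _ev("2024-05-01T09:00:00", "alice@example.com", "accounts", "login", "10.0.0.5", "Mozilla/5.0 (Macintosh)"),
    _ev("2024-05-01T09:05:00", "alice@example.com", "notebook", "runCommand", "10.0.0.5", "Mozilla/5.0 (Macintosh)"),
    # bob: three different IP / user-agent pairs within ten minutes (session reuse pattern)
    _ev("2024-05-01T10:00:00", "bob@example.com", "accounts", "login", "10.0.0.9", "Mozilla/5.0 (Windows)"),
    _ev("2024-05-01T10:03:00", "bob@example.com", "notebook", "runCommand", "203.0.113.7", "python-requests/2.31"),
    _ev("2024-05-01T10:08:00", "bob@example.com", "workspace", "listDirectory", "198.51.100.4", "curl/8.0"),
    # carol (admin): one or two admin actions per hour as a baseline ...
    _ev("2024-05-01T08:10:00", "carol@example.com", "accounts", "setAdmin", "10.0.0.2", "Mozilla/5.0 (Linux)"),
    _ev("2024-05-01T09:20:00", "carol@example.com", "accounts", "addPrincipalToGroup", "10.0.0.2", "Mozilla/5.0 (Linux)"),
    _ev("2024-05-01T09:40:00", "carol@example.com", "accounts", "createGroup", "10.0.0.2", "Mozilla/5.0 (Linux)"),
]
# ... followed by a burst of eight group-membership changes in the 11:00 hour.
SAMPLE_EVENTS += [
    _ev(f"2024-05-01T11:{m:02d}:00", "carol@example.com", "accounts", "addPrincipalToGroup",
        "10.0.0.2", "Mozilla/5.0 (Linux)")
    for m in range(0, 16, 2)
]

# Assumed set of privileged account-service actions; a real detection would
# take this list from the audit-log reference for the services in scope.
ADMIN_ACTIONS = {"setAdmin", "removeAdmin", "addPrincipalToGroup",
                 "removePrincipalFromGroup", "createGroup", "deleteGroup"}


def detect_multi_source_sessions(events, window=timedelta(minutes=10), min_sources=3):
    """Flag a user whose events in any span of `window` length originate from at
    least `min_sources` distinct (source IP, user agent) pairs. One finding per
    user is reported, anchored at the first window in which the threshold is hit."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user_identity"]["email"]].append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["event_time"])
        for i, start in enumerate(evs):
            sources = set()
            for e in evs[i:]:
                if e["event_time"] - start["event_time"] > window:
                    break
                sources.add((e["source_ip_address"], e["user_agent"]))
            if len(sources) >= min_sources:
                findings.append({"user": user, "window_start": start["event_time"],
                                 "sources": sorted(sources)})
                break
    return findings


def detect_admin_activity_spikes(events, admin_actions=ADMIN_ACTIONS, min_count=5, factor=3.0):
    """Bucket each user's privileged actions per hour and flag an hour whose count is
    at least `min_count` and more than `factor` times the mean of that user's other
    hours. The per-user baseline keeps a busy admin from being a permanent alert."""
    hourly = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["service_name"] == "accounts" and e["action_name"] in admin_actions:
            hour = e["event_time"].replace(minute=0, second=0, microsecond=0)
            hourly[e["user_identity"]["email"]][hour] += 1
    findings = []
    for user, buckets in hourly.items():
        for hour, count in buckets.items():
            others = [c for h, c in buckets.items() if h != hour]
            baseline = sum(others) / len(others) if others else 0.0
            if count >= min_count and count > factor * baseline:
                findings.append({"user": user, "hour": hour, "count": count, "baseline": baseline})
    return findings


if __name__ == "__main__":
    for f in detect_multi_source_sessions(SAMPLE_EVENTS):
        print("multi-source session:", f)
    for f in detect_admin_activity_spikes(SAMPLE_EVENTS):
        print("admin activity spike:", f)
```

Run on the sample data, the first detection flags only bob (three distinct IP/user-agent pairs inside one ten-minute window) and the second flags only carol's 11:00 hour (eight privileged actions against a baseline of 1.5 per hour). The thresholds and the ten-minute window are tuning knobs: the same code with min_sources=4 reports nothing, which is the kind of false-positive trade-off you would calibrate against your own workspace's audit history before putting a notebook like this on a schedule.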
For the original LinkedIn post, click here.