DETECTION & CONTENT

Rearc Security Content Library

As a Databricks partner and an early Lakewatch partner, Rearc maintains a growing library of security content that accelerates adoption of the platform. We've built it from our own expertise and from real customer deployments, so teams start with coverage instead of a blank slate.

What's inside

  • Lakewatch presets
  • Lakeflow community connectors
  • Cyber AI skills
  • Detection library

Lakewatch presets

20+ out-of-the-box data-source presets that automatically ingest, parse, and normalize common security sources.

AWS CloudTrail
AWS CloudWatch
AWS Network Firewall
AWS VPC Flow Logs
Azure Entra ID
Azure Firewall
CrowdStrike Falcon FDR
Databricks System Tables
Linux auditd
Microsoft Defender
Okta System Log
ServiceNow CMDB
Snyk Vulnerabilities
Windows Event Log
Wiz API
Zscaler ZIA Web
Zscaler NAB
Zscaler ZPA

Beyond presets

Lakeflow community connectors

Open-source connectors that extend Lakeflow Connect to sources Rearc maintains. Pull event streams from Wiz CSPM, Snyk, Google Workspace, and Entra ID, with more in development.

Cyber AI skills

Databricks Genie-compatible agent skills that give cyber teams running Lakewatch helpful techniques, custom workflows, and best practices. More coming soon.

Detection library

Built on our Splunk SPL to PySpark transpiler, the library brings common open-source detections to Lakewatch as SQL and PySpark queries, covering normalized OCSF event streams and vendor sources like AWS, Azure, Windows, Linux, Cisco, and Zscaler.

MITRE ATT&CK coverage

Detections mapped against the MITRE ATT&CK Enterprise framework.

  • 210 unique techniques covered
  • 1,251 detection-technique mappings
  • 13 tactics represented
CONTACT US

Put the library to work

Tell us which sources and detections matter most to your team, and we'll help you light up coverage on Lakewatch.