
Internship Training Report

on
Spotter Query Parser
by
Aryan Agarwal
(11707334)
CSE441
About Company

Securonix is a privately held security solutions provider based in Texas, USA. It was founded in 2007.

Securonix founder and CEO Sachin Nayyar

Total number of employees 700-1000.


The company specializes in security products like SIEM and UEBA.
Some of the products are:

1. Next-Gen SIEM
2. UEBA
3. Security Orchestration Automation and Response
4. Network Detection and Response
5. Security Data Lake
Project – Spotter Query Parser

SNYPR ingests petabytes of data generated in large organizations, processes it
and analyzes it in real-time using a combination of user and entity behavior
analytics (UEBA), unsupervised Deep Learning, and threat modeling to deliver
true predictive threat detection and unprecedented historical investigation
capabilities.
Spotter is a lightning fast, natural language search engine that uses normalized search syntax and
visualization techniques to provide threat hunters the tools they need to investigate current
threats and trends, and track advanced persistent threats over long periods of time.

Spotter Query Language


Tools Used

ANTLR (ANother Tool for Language Recognition) is a powerful
parser generator for reading, processing, executing, or translating
structured text or binary files. It's widely used to build languages,
tools, and frameworks. From a grammar, ANTLR generates a parser
that can build and walk parse trees. It was developed by Terence Parr.

It is popularly used in Groovy, Apple's Spreadsheet, Salesforce's Apex,
Apache Cassandra, MySQL Workbench, etc.

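grammar Expr;
// prog: zero or more expressions, each terminated by a newline
prog: (expr NEWLINE)* ;
// alternatives listed first bind tighter: '*' and '/' before '+' and '-'
expr: expr ('*'|'/') expr
    | expr ('+'|'-') expr
    | INT
    | '(' expr ')'
    ;
NEWLINE : [\r\n]+ ;
INT     : [0-9]+ ;
// skip spaces and tabs so that input such as "100 + 2 * 34" lexes without errors
WS      : [ \t]+ -> skip ;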

Sample Grammar Antlr Working


Parse Tree for:
100 + 2 * 34 \n
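
The parse tree for this input can be reproduced by hand. The following is an added example, not part of the original report and not ANTLR-generated code: a hand-written Python precedence-climbing parser for the Expr grammar above. The function names and the tuple shape of the tree are assumptions made for illustration.

```python
import re

WS = re.compile(r"[ \t]*")  # skipped so the slide's spaced input tokenizes
TOKEN = re.compile(r"(?P<INT>[0-9]+)|(?P<OP>[-+*/()])|(?P<NEWLINE>[\r\n]+)")
PREC = {"*": 2, "/": 2, "+": 1, "-": 1}  # earlier alternative binds tighter

class ParseError(ValueError):
    """Raised with the character offset of the first token that does not fit."""

def tokenize(text):
    tokens, pos = [], WS.match(text).end()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ParseError(f"unexpected character {text[pos]!r} at offset {pos}")
        tokens.append((m.lastgroup, m.group(), pos))
        pos = WS.match(text, m.end()).end()
    return tokens + [("EOF", "", pos)]

def parse_expr(toks, i=0, min_prec=1):
    kind, text, pos = toks[i]
    if kind == "INT":
        left, i = ("expr", text), i + 1
    elif text == "(":
        inner, i = parse_expr(toks, i + 1)
        if toks[i][1] != ")":
            raise ParseError(f"expected ')' at offset {toks[i][2]}")
        left, i = ("expr", "(", inner, ")"), i + 1
    else:
        raise ParseError(f"expected INT or '(' at offset {pos}")
    while PREC.get(toks[i][1], 0) >= min_prec:
        op = toks[i][1]
        # min_prec one above the operator's own makes the operator left-associative
        right, i = parse_expr(toks, i + 1, PREC[op] + 1)
        left = ("expr", left, op, right)
    return left, i

def parse_prog(text):
    toks, i, children = tokenize(text), 0, []
    while toks[i][0] != "EOF":
        tree, i = parse_expr(toks, i)
        if toks[i][0] != "NEWLINE":
            raise ParseError(f"expected NEWLINE at offset {toks[i][2]}")
        children.append(tree)  # NEWLINE tokens are left out of the tree for brevity
        i += 1
    return ("prog", *children)

def to_sexpr(node):
    return node if isinstance(node, str) else "(" + " ".join(map(to_sexpr, node)) + ")"
```

Calling to_sexpr(parse_prog("100 + 2 * 34 \n")) returns (prog (expr (expr 100) + (expr (expr 2) * (expr 34)))), which shows the multiplication nested below the addition. Malformed input raises ParseError with the offset of the offending token.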

Logging Frameworks Testing


Challenges
• Extensible Design
• Efficient Error Strategy
• Efficient Suggestions System
• Separating Parsing and language conversion
Conclusion
The internship at Securonix has been a great learning journey. It not only helped me a lot in improving
my technical skills but also improved my industrial exposure and corporate mindset. This internship is
teaching me a lot of new technologies and giving me an opportunity to work on a multifaceted project. During the
internship I was mentored by very capable and talented engineers who made me explore many new
technologies and ways of doing things. The internship taught me the importance of work discipline and
commitment to my work and also the importance of teamwork.
Thank You!
