Komal
Senior Software Engineer
Authored Publications
Sort By
Preview abstract
This paper introduces Operationalized Temporal Entity Resolution, a distributed system architecture designed to resolve data consistency challenges in modern Security Information and Event Management (SIEM) environments. processing petabytes of high-velocity telemetry. We address the critical failure mode of ”State Smearing”—a temporal discrepancy between an entity’s state at event time versus analysis time—which frequently corrupts forensic timelines, particularly regarding ephemeral assets like containers and DHCP leases. Our approach coalesces heterogeneous data from diverse log sources into a single, canonical representation, processing over 2 billion entity fragments daily. By leveraging a deterministic Dynamic Graph Resolution via modified distributed connected components and a novel Density-Aware Temporal Checkpointing algorithm, we generate precise validity intervals. This method embeds temporal state directly into the resolution graph, eliminating the need for computationally expensive query-time joins. Ultimately, this architecture enables security analysts to perform ”time-travel” queries to reconstruct historical states accurately. Analysis of a production environment demonstrates that 8–16% of threat detection rules critically depend on this enriched temporal merging.
View details
