Bricks
Bricks are the fundamental building blocks of DTACT. They are modular, reusable code components that extend the platform's capabilities across data integration, transformation, visualization, and automation.
A Brick is a self-contained piece of code (Python) that performs a specific function within DTACT. Bricks can:
- Fetch data from external APIs
- Transform and enrich data
- Create custom visualizations
- Power detections and playbooks
- Add user-defined functions to the query engine
- Add user-defined functions to the assistant
Brick Types
Dynamic Query Bricks
Dynamic Query Bricks bring data from external sources into DTACT's data engine. They register one or more tables that can be queried using SQL.
Capabilities:
- Connect to REST APIs and object storage
- Connect to databases (PostgreSQL, MySQL, ClickHouse, etc.)
- Auto-detect table schemas
- Support query pushdown for efficient filtering
- Return data as Arrow record batches
Example Use Cases:
- Integrating threat intelligence feeds
- Connecting to SIEMs and log aggregators
- Accessing cloud provider APIs (AWS, Azure, GCP)
- Connecting to internal databases
Table Bricks
Table Bricks return data for a specific table. Unlike Dynamic Query Bricks (which can provide multiple tables), a Table Brick focuses on a single data source.
Capabilities:
- Fetch data from APIs or files
- Generate synthetic data
- Process streaming data
User Defined Function (UDF) Bricks
UDF Bricks add custom functions to the data engine that can be called directly in SQL queries.
Example:
SELECT geopandas_lat_lon_to_utm(0, 0)
This query executes a UDF defined in a "geo udf" brick.
Capabilities:
- Call external APIs from within queries
- Run machine learning models
- Perform complex transformations
- Extract structured objects from unstructured data
Playbook Bricks
Playbook Bricks are used within the Action module to automate workflows and responses.
→ See Action for more details.
Managing Bricks
Brick Management UI
Access Brick Management via Settings → Brick Management in the classic portal. From here you can:
- View all available bricks
- Edit brick code and configuration
- Test brick execution
- Manage brick versions
Git Integration
Bricks are version-controlled using Git. To clone your brick repository:
- Create an access token in Settings → User → Session Tokens
- Clone the repository:
git -c http.sslVerify=false clone https://<instance>/git/<brick-repo-id>
Branch Strategy:
- active — If this branch exists, it's used for all brick execution
- main (latest) — Default branch, used when active doesn't exist
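The clone command above passes `http.sslVerify=false`, which turns off certificate checking on the connection that carries the session token. The following added example (not DTACT tooling) keeps verification on by trusting the instance's CA from a PEM file, and reports which branch would be used for execution under the strategy above. The CA file, the function names and the `GIT_BIN` hook are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not DTACT tooling. Assumptions: the instance CA is exported
# to a PEM file; GIT_BIN is a hypothetical hook so the functions can be tested.
GIT_BIN=${GIT_BIN:-git}

# brick_clone <instance> <brick-repo-id> <ca-pem> [dest-dir]
brick_clone() {
    instance=$1 repo_id=$2 ca_pem=$3 dest=${4:-$2}
    if [ -z "$instance" ] || [ -z "$repo_id" ] || [ -z "$ca_pem" ]; then
        echo "usage: brick_clone <instance> <brick-repo-id> <ca-pem> [dest]" >&2
        return 2
    fi
    # Stop if the CA bundle is missing instead of falling back to no checks.
    if [ ! -r "$ca_pem" ] || ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_pem"; then
        echo "brick_clone: $ca_pem is not a readable PEM certificate" >&2
        return 3
    fi
    # git disables verification whenever this variable is set, overriding -c.
    if [ -n "${GIT_SSL_NO_VERIFY+set}" ]; then
        echo "brick_clone: unset GIT_SSL_NO_VERIFY before cloning" >&2
        return 4
    fi
    "$GIT_BIN" -c http.sslVerify=true -c "http.sslCAInfo=$ca_pem" \
        clone "https://$instance/git/$repo_id" "$dest"
}

# brick_effective_branch <clone-dir>: prints the branch used for execution,
# "active" when the remote has it, otherwise the default "main".
brick_effective_branch() {
    if "$GIT_BIN" -C "$1" rev-parse --verify --quiet \
        refs/remotes/origin/active >/dev/null 2>&1; then
        echo active
    else
        echo main
    fi
}
```

Because `-c` settings apply only to the command they are passed to, later `fetch` and `push` calls need the same `http.sslCAInfo` value, for example set once in the clone's own config.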
Brick Configuration
Each brick can have configurable parameters:
| Parameter Type | Description |
|---|---|
| String | Text input |
| Number | Numeric values |
| Secret | Encrypted credentials (stored in Secrets) |
| Multi-string | List of strings |
| Boolean | True/false flags |
If you need help creating a brick, please reach out to our solutions team or your dedicated account manager to guide you through the process.