
Fusion

Fusion is DTACT's cloud-based data lakehouse that brings all your data sources together in one unified platform for querying, analysis, and monitoring. It provides a centralized view of all data sources integrated into your DTACT instance, enabling you to discover schemas and tables, monitor data source health, query across multiple sources with SQL, and manage connections and credentials.

Data Hierarchy

DTACT organizes data in a clear hierarchy:

Datalake → Schemas → Tables → Fields

Datalake

Each team has access to their own datalake — a secure, isolated data environment containing all ingested data sources. The datalake acts as the foundation for all queries and analysis.

  • Team Access — All team members can access the team's datalake
  • Cross-Team Sharing — Data can be shared between teams when needed
  • Unified View — Query across all connected sources seamlessly

Schemas

Schemas represent individual data sources within your datalake. Each connected integration creates a schema containing its tables.

Examples:

  • aws_cloudtrail — AWS CloudTrail logs
  • office365 — Microsoft 365 audit logs
  • crowdstrike — CrowdStrike Falcon data

Tables

Each schema contains one or more tables representing specific data types from that source.

-- Query a table from a specific schema
SELECT * FROM aws_cloudtrail.events LIMIT 100;

-- Join across schemas
SELECT a.*, b.*
FROM aws_cloudtrail.events a
JOIN office365.audit_logs b ON a.user_id = b.user_id;

Fields

Tables contain fields (columns) with typed data. The Query Analyzer provides auto-complete for all available fields.

Health Monitoring

The Fusion dashboard displays health status for each connected source:

  • Green (>80) — Healthy, operating normally
  • Yellow (50-80) — Degraded, may need attention
  • Red (below 50) — Critical, requires immediate attention

Querying Data

Fusion uses PostgreSQL-compatible SQL with extensions:

-- Standard SQL works
SELECT * FROM my_schema.my_table WHERE timestamp > NOW() - INTERVAL '1 day';

-- Vector similarity search
SELECT *, similarity(description, 'suspicious login') AS score
FROM alerts
ORDER BY score DESC
LIMIT 10;

-- Query saved query results
SELECT * FROM queries."saved-query-id";

→ See Query Analyzer for the full querying interface.
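
A join on user_id alone, as in the cross-schema example under Tables, returns one row for every pair of matching events, so a busy account multiplies the result set. The query below is an added example, not taken from the DTACT documentation: it applies the one-day filter from Querying Data to each source, aggregates per user, and only then joins. It assumes both tables have a timestamp column and that user_id holds the same identifier in both sources.

```sql
-- Added example. Assumptions: aws_cloudtrail.events and office365.audit_logs
-- both expose user_id (as in the join on this page) and a timestamp column.
-- Adjust the column names to the fields your schemas actually contain.
WITH cloudtrail AS (
    -- One row per user: CloudTrail activity in the last day
    SELECT user_id,
           COUNT(*)       AS cloudtrail_events,
           MAX(timestamp) AS last_cloudtrail_event
    FROM aws_cloudtrail.events
    WHERE timestamp > NOW() - INTERVAL '1 day'
    GROUP BY user_id
),
o365 AS (
    -- One row per user: Microsoft 365 audit activity in the last day
    SELECT user_id,
           COUNT(*)       AS o365_events,
           MAX(timestamp) AS last_o365_event
    FROM office365.audit_logs
    WHERE timestamp > NOW() - INTERVAL '1 day'
    GROUP BY user_id
)
-- Joining the aggregates yields at most one row per user,
-- instead of (CloudTrail events x audit log events) rows per user.
SELECT c.user_id,
       c.cloudtrail_events,
       o.o365_events,
       c.last_cloudtrail_event,
       o.last_o365_event
FROM cloudtrail c
JOIN o365 o ON o.user_id = c.user_id
ORDER BY c.cloudtrail_events + o.o365_events DESC
LIMIT 100;
```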

Data Flow

External Sources → Data Connectors → Fusion Datalake → Query Engine → Insights
↓ ↓
Schema Bricks Detections
↓ ↓
Tables Alerts

Fusion acts as the central data layer that feeds all other DTACT modules.