Session

Replace your Legacy SIEM with Lakewatch: Build Your Own Custom Apps with Lakehouse & Lakebase

Overview

Experience: In Person
Track: Cybersecurity
Industry: Enterprise Technology, Consulting & Services, Public Sector
Technologies: Unity Catalog, Databricks Apps, Lakebase
Skill Level: Intermediate

Many legacy SIEMs charge on ingestion, lock data behind proprietary formats, and limit AI customization. Databricks Lakewatch changes that. As the Open Security Lakehouse, Lakewatch lands 100% of your telemetry in open formats on Delta Lake — and because the data is open, security teams can pull any signal into custom apps built natively on Databricks.

This session walks through a production SecOps platform on Lakewatch, ingesting 13TB/day across 22 sources at up to 80% lower cost. OCSF-normalized SDP pipelines deliver sub-15-minute detection with 94% MITRE ATT&CK coverage. A React + FastAPI app on Databricks Apps, backed by Lakebase, shows the art of the possible — AI threat hunting with Claude and custom analyst workflows no prebuilt SIEM could surface.

Session Speakers

Surya Sai Turaga

Field Engineering
Databricks

Anand Rao

Sr. Solution Architect
Databricks