Reducing mean time to detect (MTTD) for security incidents is an essential goal for the production ops team running the public InfluxDB Cloud service. With tens of thousands of customers using the service, this service emits a large stream of events that need to be quickly evaluated, 24/7. In this talk, Al Sargent will discuss how the InfluxData team uses our time series database service to discover security incidents quickly. We’ll cover: What security events to look for Queries to run to discover those security events How to run those queries in InfluxDB