Location based threat detection

The way the long-eared owl hears is quite incredible. Asymmetrically placed ears are clever enough on their own, but the way the brain processes that information and converts it into a position is something else entirely.

Long eared owl

Placing the ears symmetrically, level with each other horizontally and vertically, would be best if you wanted synchronised stereo sound. By design, that is not the case for the long-eared owl: as this piece from asknature.org explains, the asymmetry is what lets owls hear in three dimensions.

The ears are arranged so that a change in the direction of a sound source as small as 3 degrees horizontally can be detected. Scientists track this detection using pupil dilation and then measure the corresponding response in the brain.

Fascinating, then, that the neurons firing in response are mapped by location in the auditory area of the brain, corresponding to where the sound came from: activity patterns higher up in the auditory centre correspond to an object higher up in real space.

In the security space we often take care to ensure that the clocks of all devices generating audit logs are synchronised, so that a timeline of events can be reconstructed during an incident and used in the hunt for attribution. When placing log event collectors, however, the strategy is usually driven by the volume and type of events being collected. Where a collector sits in the kill chain is therefore often coincidental, and that position is not used as a measurement in itself.

What if we organised collectors positionally to assist real-time threat detection? By placing collectors at kill chain boundaries (not just network zone boundaries) and collecting small indicators at scale from these boundary collectors themselves, we could build a model of behaviour from the collector metadata alone.
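As an added illustration, not code from this post, the following Python sketches both ideas above: it first brings each collector's timestamps back onto a common reference clock (the synchronisation point made earlier), then treats the per-collector event rate itself as the small indicator, baselines each collector against its own history, and groups any departure by the kill chain stage the collector sits at. The collector inventory, clock offsets, stage labels and event stream are all constructed for the example; a real deployment would take the offsets from NTP or monitoring data and the stages from its own collector placement.

```python
"""Positional collector model: normalise collector clocks, then baseline each
collector's event rate and position anomalies by kill-chain stage.
Added illustration; collectors, offsets, stages and events are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import statistics

# Hypothetical collector inventory. Each collector sits at a kill-chain boundary
# and carries a measured clock offset (seconds its clock runs ahead of reference).
COLLECTORS = {
    "col-dmz":   {"stage": "delivery",        "offset_s": 120},   # 2 min fast
    "col-endpt": {"stage": "exploitation",    "offset_s": 0},
    "col-c2":    {"stage": "command_control", "offset_s": -45},   # 45 s slow
}

T0 = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)  # reference epoch (constructed)


def make_sample_events():
    """Constructed sample: 10 one-minute windows of steady traffic per collector,
    plus a burst at col-c2 in minute 8. Each timestamp is written as that
    collector's skewed clock would have recorded it."""
    per_minute = {"col-dmz": 5, "col-endpt": 3, "col-c2": 2}
    events = []
    for minute in range(10):
        for cid, n in per_minute.items():
            burst = 30 if (cid == "col-c2" and minute == 8) else n
            for i in range(burst):
                ref = T0 + timedelta(minutes=minute, seconds=i)
                local = ref + timedelta(seconds=COLLECTORS[cid]["offset_s"])
                events.append((cid, local.isoformat()))
    return events


def normalise(events):
    """Map each collector-local timestamp back to reference time by subtracting
    that collector's known clock offset, so windows line up across collectors."""
    out = []
    for cid, ts in events:
        local = datetime.fromisoformat(ts)
        out.append((cid, local - timedelta(seconds=COLLECTORS[cid]["offset_s"])))
    return out


def rates_per_window(norm_events, window_s=60):
    """Count events per (collector, window start) on the normalised timeline."""
    counts = Counter()
    for cid, ref in norm_events:
        slot = int((ref - T0).total_seconds()) // window_s
        counts[(cid, T0 + timedelta(seconds=slot * window_s))] += 1
    return counts


def flag_anomalies(counts, baseline_windows=6, k=3.0, min_delta=3):
    """Baseline each collector on its first N windows; flag later windows whose
    count exceeds mean + k*stdev. The min_delta floor stops a zero-variance
    baseline from firing on a single extra event."""
    by_collector = defaultdict(list)
    for (cid, start), n in counts.items():
        by_collector[cid].append((start, n))
    flags = []
    for cid, series in by_collector.items():
        series.sort()
        base = [n for _, n in series[:baseline_windows]]
        mean, sd = statistics.mean(base), statistics.pstdev(base)
        threshold = max(mean + k * sd, mean + min_delta)
        for start, n in series[baseline_windows:]:
            if n > threshold:
                flags.append({"collector": cid,
                              "stage": COLLECTORS[cid]["stage"],
                              "window": start.isoformat(),
                              "count": n, "threshold": threshold})
    return flags


def build_map(events):
    """Group anomalies by kill-chain stage: the position a map would light up."""
    stage_map = defaultdict(list)
    for f in flag_anomalies(rates_per_window(normalise(events))):
        stage_map[f["stage"]].append(f)
    return dict(stage_map)


if __name__ == "__main__":
    for stage, hits in build_map(make_sample_events()).items():
        for h in hits:
            print(f"{stage:16} {h['collector']:10} {h['window']} count={h['count']}")
```

The point of the per-collector baseline is that the model never looks inside an event: only the rate at a known boundary is measured, which is cheap enough to gather from every collector. With the constructed data, only the command-and-control boundary lights up (minute 8 at col-c2), and the two-minute skew on col-dmz is removed before any window is counted; without that normalisation a burst straddling two collectors would be split across windows and could fall under both thresholds.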

By attaching a visual cue to behavioural changes in this metadata we could assist triage and hunter teams, indicating areas that may require further investigation or tuning. A map set up to blink and then expire gracefully, like the fabulous Isle of Wight sferics display, using blue light initially (see a future post on this phenomenon), could show the rhythm of normal activity alongside anomalous behaviour traits.