
Repository with Sample threat hunting notebooks on Security Event Log Data Sources

Primary Language: Jupyter Notebook

threat-hunting-with-notebooks

Demo files associated with "Threat Hunting with Notebook technologies", presented at the SecureWorld conference in Seattle, WA
https://events.secureworldexpo.com/agenda/seattle-wa-2018/

Presentation: https://www.slideshare.net/ashwin_patil/threat-hunting-using-notebook-technologies

GitHub's built-in Jupyter notebook viewer does not render these notebooks well. Use an online service such as nbviewer or mybinder (free compute) to view and interact with the notebooks by providing the GitHub notebook or repository URL.

Launch Binder


Threat Hunting Example Notebooks

Basic Data Analysis and Visualization on Failed Logon Data :: nbviewer

  • Data Source: Azure Data Explorer
  • Language: Python


Time series anomaly detection on successful logon data using anomalize package :: nbviewer

  • Data Source: Azure Data Lake
  • Language: R


Threat Hunting with IP addresses from logs :: nbviewer

  • Data Source: CSV file of Security event 4688 records with command-line logging
  • Language: Python


Open Source Threat Intel Lookup using requests :: nbviewer

  • Language: Python


Anomaly detection and visualization using Time Series Decomposition :: nbviewer

  • Language: Python


Analyzing billions of passwords from the Breach Compilation dataset :: nbviewer

  • Data Source: Multiple txt and csv files in the data folder
  • Language: Python