Cyb3rMisFit / threat-hunting-with-notebooks

Repository with Sample threat hunting notebooks on Security Event Log Data Sources


threat-hunting-with-notebooks

Demo files associated with "Threat Hunting with Notebook technologies", presented at the SecureWorld conference in Seattle, WA:
https://events.secureworldexpo.com/agenda/seattle-wa-2018/

Presentation: https://www.slideshare.net/ashwin_patil/threat-hunting-using-notebook-technologies

GitHub's built-in Jupyter notebook viewer does not render these notebooks well. Use an online service such as nbviewer, mybinder, or https://notebooks.azure.com (free compute) to view and interact with the notebooks by providing the GitHub notebook or repo URL.

Launch Azure Notebooks

Requires sign-in to Azure Notebooks

The same repo can also be cloned directly from my Azure Notebooks account:
https://notebooks.azure.com/ashwinrp/projects/threat-hunting-with-notebooks

Launch Binder


Threat Hunting Example Notebooks

Basic Data Analysis and Visualization on Failed Logon Data :: nbviewer

  • Data Source: Azure Data Explorer
  • Language: Python


Time series anomaly detection on successful logon data using anomalize package :: nbviewer

  • Data Source: Azure Data Lake
  • Language: R


Threat Hunting with IP addresses from logs :: nbviewer

  • Data Source: CSV file of Windows Security event 4688 (process creation) logs, including command line fields
  • Language: Python


Open Source Threat Intel Lookup using requests :: nbviewer

  • Language: Python


Anomaly detection and visualization using Time Series Decomposition :: nbviewer

  • Language: Python
