(Beginner) Data Analysis for Detection Research Through Jupyter Notebooks 101


    Title: (Beginner) Data Analysis for Detection Research Through Jupyter Notebooks 101

    Description:
    Please see https://cfc.blueteamvillage.org/call...0/talk/GCUYNN/ for pre-reqs.

    From a detection research perspective, even after learning how to simulate a threat actor technique and generate some data in your lab environment, you might still struggle to know what to do with it. In some cases, you might need to filter, transform, correlate and visualize your data to come up with the right detection logic. In this workshop, we will walk you through a few basic data analysis techniques using open source and SIEM-agnostic tools such as Jupyter Notebooks, which are not only used by large organizations, but also can be deployed at home for free.
    Prerequisites

    Basics of Python
    (optional) A computer with Docker Installed.
    If you are planning on deploying Jupyter in your own system, we will show you how to deploy it via Docker. It is not necessary since we are going to use BinderHub to interact with Jupyter Notebooks throughout the whole workshop.

    Outline

    Introduction to Jupyter Notebooks (10 mins)
    * Deployment Options
    * Binder Project

    Introduction to Apache Spark (5 mins)
    * Spark Engine
    * Spark SQL & DataFrames

    Data Analysis Process 101 (10 mins)

    We need data! (Mordor Project) (5 mins)
    * Download Datasets
    * Raw Data -> DataFrame

    A few data analysis techniques: (1 hour)
    * filter
    * transform
    * correlate
    * visualize
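The steps in the outline above (raw data into a table, then filter, transform, correlate and visualize), as an added example that is not part of the workshop material or the Mordor project: it uses only the Python standard library in place of Spark DataFrames so it runs offline, the five Sysmon-style records are constructed to mimic Mordor's JSON-lines layout rather than taken from a real dataset, and the ProcessGuid join and the encoded-command flag are illustrative choices, not something the outline states the workshop covers.

```python
"""Filter -> transform -> correlate -> visualize over Sysmon-style events using
only the Python standard library (each function names the Spark DataFrame
operation it stands in for). Added example; records below are constructed."""
import json
import ntpath
from collections import Counter

# Constructed sample (not real Mordor data): Sysmon EventID 1 = process creation,
# EventID 3 = network connection, one JSON object per line as Mordor ships them.
SAMPLE_JSONL = r'''
{"@timestamp": "2020-08-07T18:01:00Z", "Hostname": "WS01", "EventID": 1, "ProcessGuid": "{A1}", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA", "ParentImage": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"}
{"@timestamp": "2020-08-07T18:01:05Z", "Hostname": "WS01", "EventID": 1, "ProcessGuid": "{A2}", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "ParentImage": "C:\\Windows\\explorer.exe"}
{"@timestamp": "2020-08-07T18:01:07Z", "Hostname": "WS01", "EventID": 3, "ProcessGuid": "{A1}", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
{"@timestamp": "2020-08-07T18:02:00Z", "Hostname": "WS01", "EventID": 3, "ProcessGuid": "{A3}", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "198.51.100.5", "DestinationPort": 443}
{"@timestamp": "2020-08-07T18:03:00Z", "Hostname": "WS01", "EventID": 1, "ProcessGuid": "{A4}", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe Get-Process", "ParentImage": "C:\\Windows\\explorer.exe"}
'''


def load_events(jsonl: str) -> list:
    """Raw data -> table: one JSON object per line; blank or malformed lines
    are skipped because real exports contain both."""
    rows = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rows.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return rows


def filter_events(events, **criteria):
    """Keep rows whose columns equal every given value (Spark: df.filter)."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def transform(events):
    """Derive analysis-friendly columns from raw fields (Spark: withColumn)."""
    out = []
    for e in events:
        row = dict(e)
        row["ImageName"] = ntpath.basename(e.get("Image", "")).lower()
        row["ParentName"] = ntpath.basename(e.get("ParentImage", "")).lower()
        tokens = e.get("CommandLine", "").lower().split()
        # PowerShell accepts any prefix of -EncodedCommand (-e, -ec, -enc, ...);
        # flag it so the column can drive a detection rule later.
        row["EncodedCommand"] = any(
            t.startswith("-e") and "-encodedcommand".startswith(t) for t in tokens
        )
        out.append(row)
    return out


def correlate(events):
    """Inner join process creations (EventID 1) with network connections
    (EventID 3) on ProcessGuid (Spark: df1.join(df3, "ProcessGuid")).
    Expects rows that already went through transform()."""
    creations = {e["ProcessGuid"]: e for e in filter_events(events, EventID=1)}
    joined = []
    for conn in filter_events(events, EventID=3):
        proc = creations.get(conn.get("ProcessGuid"))
        if proc is None:
            continue  # connection whose creation event is outside this window
        joined.append({
            "ProcessGuid": proc["ProcessGuid"],
            "ImageName": proc["ImageName"],
            "ParentName": proc["ParentName"],
            "CommandLine": proc["CommandLine"],
            "EncodedCommand": proc["EncodedCommand"],
            "DestinationIp": conn["DestinationIp"],
            "DestinationPort": conn["DestinationPort"],
        })
    return joined


def visualize(events, column="ImageName"):
    """Text bar chart of row counts per value (a notebook would plot this)."""
    counts = Counter(e.get(column, "") for e in events)
    width = max((len(k) for k in counts), default=0)
    return "\n".join(f"{k.ljust(width)} | {'#' * n} {n}" for k, n in counts.most_common())


def run_pipeline(jsonl=SAMPLE_JSONL):
    """Whole flow: load -> transform -> correlate, then keep the joined rows
    where an encoded command line also produced a network connection."""
    events = transform(load_events(jsonl))
    suspicious = [r for r in correlate(events) if r["EncodedCommand"]]
    return events, suspicious


if __name__ == "__main__":
    events, suspicious = run_pipeline()
    print(visualize(filter_events(events, EventID=1)))
    for r in suspicious:
        print(r)
```

Each function maps to one outline step, so swapping the list-of-dicts for a Spark or pandas DataFrame changes only the bodies, not the flow; the join on ProcessGuid is what turns two separate event types into a single row you can write a rule against.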

    Speaker(s): Roberto Rodriguez, Jose Rodriguez

    Location: Blue Team Vlg / Blue Team Vlg - Workshop Track 2

    Discord: https://discord.com/channels/7082082...54317658734613

    Event starts: 2020-08-07 18:00 (06:00 PM) PDT (UTC -07:00)

    Event ends: 2020-08-07 19:30 (07:30 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-03T01:19 (UTC).