Title: (Beginner) Data Analysis for Detection Research Through Jupyter Notebooks 101

Description:
Please see https://cfc.blueteamvillage.org/call...0/talk/GCUYNN/ for pre-reqs.

From a detection research perspective, even after learning how to simulate a threat actor technique and generate some data in your lab environment, you might still struggle to know what to do with it. In some cases, you might need to filter, transform, correlate and visualize your data to come up with the right detection logic. In this workshop, we will walk you through a few basic data analysis techniques using open source, SIEM-agnostic tools such as Jupyter Notebooks, which are not only used by large organizations but can also be deployed at home for free.
Prerequisites

Basics of Python
(optional) A computer with Docker installed.
If you are planning on deploying Jupyter on your own system, we will show you how to deploy it via Docker. This is not required, since we are going to use BinderHub to interact with Jupyter Notebooks throughout the whole workshop.

Outline

Introduction to Jupyter Notebooks (10 mins)
* Deployment Options
* Binder Project

Introduction to Apache Spark (5 mins)
* Spark Engine
* Spark SQL & DataFrames

Data Analysis Process 101 (10 mins)

We need data! (Mordor Project) (5 mins)
* Download Datasets
* Raw Data -> DataFrame

A few data analysis techniques: (1 hour)
* filter
* transform
* correlate
* visualize

Speaker(s): Roberto Rodriguez, Jose Rodriguez

Location: Blue Team Vlg / Blue Team Vlg - Workshop Track 2

Discord: https://discord.com/channels/7082082...54317658734613

Event starts: 2020-08-07 18:00 (06:00 PM) PDT (UTC -07:00)

Event ends: 2020-08-07 19:30 (07:30 PM) PDT (UTC -07:00)

For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-03T01:19 (UTC).