# Getting Started

Welcome to the Threat Hunting Lab.

This notebook verifies that:

* Your environment is working correctly
* The dataset is accessible
* Python and pandas are properly configured

Before we begin hunting, we need to confirm:

1. You are in the correct working directory
2. The `/data/` folder is accessible
3. The lab dataset can be successfully loaded

---

## What This Notebook Does

The code below will:

* Print your current working directory
* Show the files available in your current folder
* Show the files inside the `/data/` directory
* Load the lab dataset into a pandas DataFrame
* Display the first few rows of the dataset

If everything runs without errors, your lab environment is ready.

---

## Why This Matters

Threat hunting requires:

* Reliable data access
* Clean parsing of structured logs
* Confidence in your analysis environment

Before forming hypotheses or stacking events, we validate the basics.

If the dataset loads successfully, proceed to the next lab.

If you encounter errors:

* Verify the `/data/` directory exists
* Confirm the filename is correct
* Re-run the cell

Let’s confirm your environment is operational.

Happy hunting!


```python
import os
import pandas as pd

current_directory = os.getcwd()
print("Current directory:", current_directory)

print("Current directory listing:", os.listdir('.'))            # list the contents of the current folder
print("Listing of the /data/ folder:", os.listdir('../data/'))  # list the contents of the "data" folder

df = pd.read_csv('../data/lab_github.csv')  # read the lab_github.csv lab file
df.head()  # display the first rows of the CSV file
```

Current directory: /Users/user/Documents/GitHub/threat-hunting-lab-zia/notebooks
Current directory listing: ['getting_started.ipynb', '.ipynb_checkpoints']
Listing of the /data/ folder: ['lab_phishing.csv', 'README.md', 'lab_github.csv', 'lab_dprk.csv']


Unnamed: 0,No.,Logged Time,Event Time,User,SSL Inspected,URL,Policy Action,Cloud Application Class,Cloud Application,Application Status,...,JA4 Fingerprint C,Client-Side Key Exchange Algorithm,Server-Side Key Exchange Algorithm,Client-Side Digital Signature Algorithm,Server-Side Digital Signature Algorithm,Client Key Exchange Proposal,Client Digital Signature Proposal,Download User-Defined File Type,Upload User-Defined File Type,Extranet Resource
0,1,"January 29, 2026 3:59:05 PM PST","January 29, 2026 3:59:05 PM PST",mwylie@deepen.zscaler.net,No,www.msftconnecttest.com/connecttest.txt,Allowed,General Browsing,,,...,,,,,,,,,,
1,2,"January 29, 2026 3:59:05 PM PST","January 29, 2026 3:59:05 PM PST",mwylie@deepen.zscaler.net,Yes,array810.prod.do.dsp.mp.microsoft.com/join/?eid=8,Allowed,General Browsing,,,...,,secp256r1,secp256r1,rsa_pss_rsae_sha256,ecdsa_secp256r1_sha256,"[""Classical""]","[""Classical""]",,,
2,3,"January 29, 2026 3:59:06 PM PST","January 29, 2026 3:59:06 PM PST",mwylie@deepen.zscaler.net,No,www.msftconnecttest.com/connecttest.txt,Allowed,General Browsing,,,...,,,,,,,,,,
3,4,"January 29, 2026 3:59:06 PM PST","January 29, 2026 3:59:06 PM PST",mwylie@deepen.zscaler.net,Yes,login.live.com/rst2.srf,Allowed,IT Services,Microsoft Login Services,Unsanctioned,...,,secp256r1,secp384r1,rsa_pss_rsae_sha256,rsa_pss_rsae_sha256,"[""Classical""]","[""Classical""]",,,
4,5,"January 29, 2026 3:59:06 PM PST","January 29, 2026 3:59:06 PM PST",mwylie@deepen.zscaler.net,Yes,login.live.com/rst2.srf,Allowed,IT Services,Microsoft Login Services,Unsanctioned,...,,secp256r1,secp384r1,rsa_pss_rsae_sha256,rsa_pss_rsae_sha256,"[""Classical""]","[""Classical""]",,,
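
A load that succeeds does not yet show that the log parses cleanly. The following is an added example, not part of the original notebook: it checks that the columns a hunt depends on are present and that every `Event Time` value parses into a timezone-aware timestamp. It uses the standard-library `csv` module rather than pandas; the sample rows, the `REQUIRED` list, the `TZ_OFFSETS` mapping and the function names are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the rows shown above (columns trimmed).
# The unnamed first header is what pandas displays as "Unnamed: 0"; row 3 is deliberately bad.
SAMPLE_CSV = '''\
,No.,Logged Time,Event Time,User,SSL Inspected,URL,Policy Action
0,1,"January 29, 2026 3:59:05 PM PST","January 29, 2026 3:59:05 PM PST",user@example.test,No,www.msftconnecttest.com/connecttest.txt,Allowed
1,2,"January 29, 2026 3:59:06 PM PST","January 29, 2026 3:59:06 PM PST",user@example.test,Yes,login.live.com/rst2.srf,Allowed
2,3,"January 29, 2026 3:59:07 PM PST","not-a-time",user@example.test,Yes,,Allowed
'''

REQUIRED = ["Logged Time", "Event Time", "User", "URL", "Policy Action"]
# Assumption: fixed offsets for the zone abbreviations expected in the export.
TZ_OFFSETS = {"PST": timezone(timedelta(hours=-8)), "PDT": timezone(timedelta(hours=-7))}

def parse_event_time(value):
    """Parse 'January 29, 2026 3:59:05 PM PST' into an aware datetime, or None."""
    stamp, _, zone = value.rpartition(" ")
    if zone not in TZ_OFFSETS:
        return None  # unknown or missing zone: flag it rather than guess
    try:
        naive = datetime.strptime(stamp, "%B %d, %Y %I:%M:%S %p")
    except ValueError:
        return None
    return naive.replace(tzinfo=TZ_OFFSETS[zone])

def validate_dataset(handle):
    """Report missing columns, row count, unparseable times and empty URLs."""
    reader = csv.DictReader(handle)
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    report = {"missing_columns": missing, "rows": 0, "bad_time_rows": [],
              "empty_url_rows": [], "first_event": None, "last_event": None}
    if missing:
        return report  # row checks are meaningless without the columns
    times = []
    for line_no, row in enumerate(reader, start=2):  # header is line 1
        report["rows"] += 1
        when = parse_event_time(row["Event Time"])
        if when is None:
            report["bad_time_rows"].append(line_no)
        else:
            times.append(when)
        if not row["URL"].strip():
            report["empty_url_rows"].append(line_no)
    if times:
        report["first_event"], report["last_event"] = min(times), max(times)
    return report

if __name__ == "__main__":
    print(validate_dataset(io.StringIO(SAMPLE_CSV)))
```

To run it against the lab file, pass `open('../data/lab_github.csv', newline='')` in place of the `StringIO` sample.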
