EDA with CISSM

toolsmith #150: Exploratory Data Analysis with University of Maryland's Center for International and Security Studies Cyber Attacks Database

Introduction

Exploratory data analysis (EDA) is a mission-critical task underpinning most detection development and the preparation of data for cybersecurity-centric machine learning. There are a number of actions analysts can take to better understand a particular data set and ready it for more robust use. In the spirit of toolsmith, and in celebration of this being the 150th issue since toolsmith’s inception in late 2006, consider what follows a collection of tools for your security data analytics tool kit.


DFIR Redefined Part 3: visNetwork for Network Data

Deeper Functionality for Investigators with R series continued

In keeping with pending presentations for the Secure Iowa Conference and [ISC2 Security Congress](https://www.eventscribe.com/2019/ISC2/agenda.asp?pfp=days&day=10/28/2019&theday=Monday&h=Monday October 28&BCFO=P|G), I’m continuing the DFIR Redefined: Deeper Functionality for Investigators with R series (see Part 1 and Part 2). Incident responders and investigators, faced with an inundation of data and ever-evolving threat vectors, require skills enhancements and analytics optimization. DFIR Redefined is intended to explore such opportunities to create efficiencies and help the blue team cause. visNetwork represents another fine example of visualizing datasets in a manner that analysts can naturally gravitate towards.


toolsmith snapshot: r-cyber with rud.is

R packages for cybersecurity research, DFIR, risk analysis, metadata collection, document/data processing, and more

I recently delivered my DFIR Redefined: Deeper Functionality for Investigators in R presentation at the Computer Technology Investigators Network (CTIN) Conference on the Microsoft campus. This is content I provide when and where I can with the hope of inspiring others to experience what happened for me as a direct result of reading Bob Rudis and Jay Jacobs’ Data-Driven Security. At the risk of being a bit of a fan boy, I will tell you that my use of R as part of my information security and assurance practice came via this book and Bob’s rud.is blog.
Bob “has over 20 years of experience defending companies using data and is currently Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure.” He embraces the “In God we trust. All others must bring data” approach to his craft, and it’s righteous. One of the products of this approach is r-cyber, a collection of “R packages for use in cybersecurity research, DFIR, risk analysis, metadata collection, document/data processing and more.”
