https://github.com/ashwin-patil/threat-hunting-with-notebooks

Repository with sample threat hunting notebooks on Security Event Log data sources

anaconda azure-data-explorer azure-data-lake datascience jupyter-notebook python r security threat-hunting wef

# threat-hunting-with-notebooks

Demo files associated with "Threat Hunting with Notebook technologies", presented at the SecureWorld conference in Seattle, WA.

https://events.secureworldexpo.com/agenda/seattle-wa-2018/

Presentation: https://www.slideshare.net/ashwin_patil/threat-hunting-using-notebook-technologies

GitHub's built-in Jupyter notebook viewer does not render these notebooks well. Use an online service such as [nbviewer](https://nbviewer.jupyter.org) or [mybinder](https://mybinder.org/) (a free hosted compute environment) to view and interact with the notebooks by providing the GitHub notebook or repository URL.

## Launch Binder
[![Binder](https://mybinder.org/badge_logo.svg)](https://mybinder.org/v2/gh/ashwin-patil/threat-hunting-with-notebooks.git/master)

# Threat Hunting Example Notebooks

**Basic Data Analysis and Visualization on Failed Logon Data** :: [nbviewer](https://nbviewer.jupyter.org/github/ashwin-patil/threat-hunting-with-notebooks/blob/master/Azure%20Data%20Explorer-%20Kqlmagic%20Demo.ipynb)
- Data Source: Azure Data Explorer
- Language: Python

**Time series anomaly detection on successful logon data using anomalize package** :: [nbviewer](https://nbviewer.jupyter.org/github/ashwin-patil/threat-hunting-with-notebooks/blob/master/Azure%20Data%20Lake%20with%20anomalize%20R%20Demo.ipynb)
- Data Source: Azure Data Lake
- Language: R

**Threat Hunting with ip address from logs** :: [nbviewer](https://nbviewer.jupyter.org/github/ashwin-patil/threat-hunting-with-notebooks/blob/master/threat-hunting-with-ipaddress-from-logs-Public.ipynb)
- Data Source: CSV file of Windows Security event ID 4688 (process creation) logs with command line logging enabled
- Language: Python

**Open Source Threat Intel Lookup using requests** :: [nbviewer](https://nbviewer.jupyter.org/github/ashwin-patil/threat-hunting-with-notebooks/blob/master/Open%20Source%20Threat%20Intel%20lookup%20using%20Requests%20API.ipynb)
- Language: Python

**Anomaly detection and visualization using Time Series Decomposition** :: [nbviewer](https://nbviewer.jupyter.org/github/ashwin-patil/threat-hunting-with-notebooks/blob/master/Jupyterthon-TimeSeries%20Demo.ipynb)
- Language: Python

**Analyzing billions of passwords from Breach compilation dataset** :: [nbviewer](https://nbviewer.org/github/ashwin-patil/threat-hunting-with-notebooks/blob/master/Jupyterthon-2022-Analysis%20of%20Billion%20Passwords.ipynb)
- Data Source: Multiple txt and csv files in the data folder
- Language: Python