Data Analysis as a Defender

Get me all your dataaaaaaaaaa!

Learning resources or book you should read

What you should learn

The Basic

One of the most important things for a defender is to know a little bit about statistics and how to ask questions of the vast amount of data you have. By that I mean the sheer volume of logs you are ingesting into your SIEM.

Statistics is the key

Let's think about the data you have, okay? You have:

  • Network (External IP Address, Internal IP Address, Bytes In, Bytes Out, Port, Protocol, and DNS)

  • Host (Event Log which includes a lot of information, command line, process creation, registry, authentication,...)

  • Security Product (Alerts, signature,...)

  • Application/Web Server (Access log, error,...)

-> In the end you get the point: a lot of data is sitting there waiting to be analyzed. In my opinion, doing statistics on that data is basically how you baseline the system. So how do you do it?
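One way to turn the network fields listed above into a baseline, as an added example that is not part of the original page: total the bytes each internal host sends out, compute a robust baseline (median and median absolute deviation rather than mean and standard deviation, which a single large host would drag along with it), flag hosts that sit far above that baseline, and separately list the least common destination ports (the "long tail"). The flow records, field order, the 3.5 cut-off and the function names are all assumptions made for this example.

```python
"""Baseline a small network log with robust statistics and flag outliers.

Added example, not the page's own code. The records below are constructed;
the tuple layout (src_ip, dst_ip, bytes_in, bytes_out, dst_port, proto) is
an assumption about how a SIEM export might look.
"""
import statistics
from collections import Counter, defaultdict

# Constructed sample flows: six internal hosts talking to documentation-range
# external addresses. Host 10.0.0.6 sends far more than the others.
SAMPLE_FLOWS = [
    # src_ip,     dst_ip,          bytes_in, bytes_out, dst_port, proto
    ("10.0.0.1", "203.0.113.10",   5200,   500, 443, "tcp"),
    ("10.0.0.1", "203.0.113.10",   6100,   700, 443, "tcp"),
    ("10.0.0.2", "203.0.113.25",   4800,  1000, 443, "tcp"),
    ("10.0.0.3", "198.51.100.7",    300,   600,  53, "udp"),
    ("10.0.0.3", "203.0.113.10",   5500,   500, 443, "tcp"),
    ("10.0.0.4", "203.0.113.25",   4100,   900, 443, "tcp"),
    ("10.0.0.5", "198.51.100.7",    280,  1300,  53, "udp"),
    ("10.0.0.6", "198.51.100.42",   900, 40000, 443, "tcp"),
    ("10.0.0.6", "198.51.100.42",   700, 10000,  22, "tcp"),
]

DST_IP, DST_PORT = 1, 4  # tuple indexes used by long_tail()


def per_host_bytes_out(flows):
    """Sum bytes_out per internal (source) IP."""
    totals = defaultdict(int)
    for src_ip, _dst, _bytes_in, bytes_out, _port, _proto in flows:
        totals[src_ip] += bytes_out
    return dict(totals)


def robust_baseline(values):
    """Median and median absolute deviation (MAD) of a sequence of numbers."""
    values = list(values)
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    return med, mad


def modified_z(value, med, mad):
    """Modified z-score; 0.6745 scales MAD to be comparable with a std-dev."""
    return 0.6745 * (value - med) / mad


def baseline_outliers(totals, threshold=3.5):
    """Hosts whose total sits more than `threshold` modified z-scores above the median.

    If MAD is zero, more than half of the hosts have an identical total, so any
    host that differs from the median at all is reported.
    """
    med, mad = robust_baseline(totals.values())
    if mad == 0:
        return sorted(h for h, v in totals.items() if v != med)
    return sorted(h for h, v in totals.items() if modified_z(v, med, mad) > threshold)


def long_tail(flows, field_index, max_count=1):
    """Values of one field seen at most `max_count` times (stack counting)."""
    counts = Counter(flow[field_index] for flow in flows)
    return {value: n for value, n in counts.items() if n <= max_count}


def report(flows):
    """Collect the baseline, the hosts above it and the rare ports in one dict."""
    totals = per_host_bytes_out(flows)
    med, mad = robust_baseline(totals.values())
    return {
        "median_bytes_out": med,
        "mad_bytes_out": mad,
        "hosts_above_baseline": baseline_outliers(totals),
        "rare_dst_ports": long_tail(flows, DST_PORT),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_FLOWS).items():
        print(f"{key}: {value}")
```

Median and MAD are used instead of mean and standard deviation on purpose: with only a handful of hosts, one large sender inflates the standard deviation so much that its own z-score stays near 2, so it never clears a classic cut-off. The same pattern works for any of the other fields the page lists (bytes in, per-port counts, events per host from the event log) once you decide what to group by.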

<Insert Statistic Technique>
