Introduction to Data Analysis with Security Onion and Other Open Source Tools

Dive into data analysis for cybersecurity with this conference talk from Security Onion Conference 2018. Learn how to leverage Security Onion and other open-source tools to perform high-performance data analysis using Python and PANDAS. Explore techniques for populating dataframes, reading directly from Elastic, and understanding complex datasets. Master essential skills such as dropping unnecessary columns and rows, conducting frequency analysis, and drilling down into data. Discover how hunting is fundamentally a matter of time series analysis, and gain insights into seasonal patterns and corrected transaction graphs. Acquire valuable knowledge about tools and resources to enhance your data analysis capabilities in the field of information security.

Intro
PANDAS: HIGH-PERF DATA ANALYSIS FOR PYTHON
POPULATING YOUR DATAFRAME
OR... READ DIRECTLY FROM ELASTICI
UNDERSTANDING THE DATA
DROP UNNECESSARY COLUMNS
DROP UNNECESSARY ROWS
FREQUENCY ANALYSIS (AKA "STACK COUNTING")
DRILUNG DOWN
HUNTING IS JUST A MATTER OF TIME SERIES ANALYSIS
TIME SERIES SEASONALITY
UNDERSTANDING THE SEASONAL PATTERN
THE CORRECTED TRANSACTION GRAPH
TOOLS & RESOURCES