Overview
Learn how data science methodologies can extend threat hunting and detection engineering beyond the limits of traditional SIEM queries in this 39-minute conference talk. Discover how Python, Pandas and Jupyter notebooks give better visibility into adversary activity and support a more iterative, scalable approach to analysing security data. Follow the shift from responding to alerts toward analysing data in bulk as intrusions increasingly rely on "living off the land" techniques that produce few signature-based alerts. See how the core data science libraries (Pandas, NumPy, Matplotlib and scikit-learn) turn a hypothesis-driven hunt query that returns thousands of rows into a short, actionable result set through programmatic filtering and statistical analysis. Understand how quantiles and the coefficient of variation (standard deviation divided by mean, which is close to zero for beacon traffic that fires at a fixed interval) surface command-and-control patterns, and how multiple sources are joined for enrichment through internal APIs (EDR, SQL, packet captures) and external APIs (VirusTotal, Shodan, DomainTools). Watch practical demonstrations of unsupervised machine learning, using k-means clustering on pre-filtered web traffic to separate active command-and-control communication from normal browsing. Finally, learn how these techniques can be made accessible to analysts without a strong Python or data science background, including structured training paths built from free and low-cost resources.
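The hunt pipeline described above (aggregate a large query result per source/destination pair, score each pair with the coefficient of variation of its request intervals, cut the set down with a quantile, then cluster what remains) is shown here as an added example. It is not code from the talk or from x33fcon: the proxy log is constructed with a fixed seed, the feature names and thresholds are choices made for this illustration, and it is written with only the Python standard library (the `statistics` module and a minimal Lloyd's k-means) so that it runs without Pandas or scikit-learn; in a notebook the same steps would be a `groupby` on the DataFrame followed by `sklearn.cluster.KMeans`.

```python
"""Beacon hunting over a constructed proxy log, plain-Python version of the
Pandas/scikit-learn workflow: per-pair interval statistics, coefficient of
variation, quantile filtering, then k-means on the survivors."""
from collections import defaultdict
from statistics import mean, pstdev
import random


def build_sample_log():
    """Constructed sample data: (timestamp_s, src_ip, dst_host, bytes_out).
    One host beacons every ~60 s with small jitter and a fixed payload size;
    three hosts browse with exponential (bursty) timing and variable sizes."""
    rng = random.Random(7)                     # fixed seed, deterministic output
    log, t = [], 0.0
    for _ in range(40):
        t += 60 + rng.uniform(-2, 2)           # beacon: near-constant interval
        log.append((t, "10.0.0.5", "203.0.113.7", 512))
    browsers = (("10.0.0.8", "news.example"), ("10.0.0.9", "cdn.example"),
                ("10.0.0.10", "mail.example"))
    for src, host in browsers:
        t = 0.0
        for _ in range(40):
            t += rng.expovariate(1 / 60)       # mean 60 s too, but high variance
            log.append((t, src, host, rng.randint(200, 20000)))
    return sorted(log)


def coefficient_of_variation(values):
    """Population std dev over mean; near 0 for metronome-like beacon intervals."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def quantile(values, q):
    """Nearest-rank q-th quantile; used to shrink a hunt result set before clustering."""
    s = sorted(values)
    idx = min(len(s) - 1, max(0, round(q * (len(s) - 1))))
    return s[idx]


def pair_stats(log, min_events=5):
    """Collapse the flat log into one row per (src, dst), like a Pandas groupby."""
    times, sizes = defaultdict(list), defaultdict(list)
    for ts, src, dst, nbytes in sorted(log):
        times[(src, dst)].append(ts)
        sizes[(src, dst)].append(nbytes)
    rows = {}
    for key, ts in times.items():
        if len(ts) < min_events:               # too few events to judge regularity
            continue
        intervals = [b - a for a, b in zip(ts, ts[1:])]
        rows[key] = {
            "count": len(ts),
            "mean_interval": mean(intervals),
            "interval_cv": coefficient_of_variation(intervals),
            "size_cv": coefficient_of_variation(sizes[key]),
        }
    return rows


def kmeans(points, k=2, iters=50, seed=0):
    """Minimal Lloyd's k-means on small feature vectors (stand-in for sklearn KMeans)."""
    rng = random.Random(seed)
    centroids = rng.sample(points, k)
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: sum((p - q) ** 2
                                                  for p, q in zip(pt, centroids[c])))
                  for pt in points]
        new = []
        for c in range(k):
            members = [pt for pt, lab in zip(points, labels) if lab == c]
            new.append(tuple(mean(dim) for dim in zip(*members)) if members else centroids[c])
        if new == centroids:                   # assignments stable: converged
            break
        centroids = new
    return labels, centroids


def hunt_beacons(log, cv_quantile=0.5):
    """Hypothesis-driven hunt: keep the most regular half of all pairs by quantile,
    cluster them on (interval_cv, size_cv) and return the most beacon-like cluster."""
    rows = pair_stats(log)
    cutoff = quantile([r["interval_cv"] for r in rows.values()], cv_quantile)
    kept = {k: r for k, r in rows.items() if r["interval_cv"] <= cutoff}
    keys = list(kept)
    points = [(kept[k]["interval_cv"], kept[k]["size_cv"]) for k in keys]
    if len(points) < 2:
        return set(keys)
    labels, centroids = kmeans(points, k=2)
    # the cluster whose centroid sits closest to (0, 0) is the "regular" one
    target = min(range(len(centroids)), key=lambda c: sum(centroids[c]))
    return {k for k, lab in zip(keys, labels) if lab == target}


if __name__ == "__main__":
    sample = build_sample_log()
    for key, row in sorted(pair_stats(sample).items(), key=lambda kv: kv[1]["interval_cv"]):
        print(key, {name: round(v, 3) for name, v in row.items()})
    print("beacon candidates:", hunt_beacons(sample))
```

The quantile cut is what keeps the clustering step cheap on a real result set: only the most regular pairs are ever handed to k-means, and the remaining browsing traffic lands in the other cluster because both its interval and payload-size variation are high. On real data add the enrichment step (destination reputation, ASN, first-seen date) before the clustering so that known-good CDN or update servers with regular polling can be excluded explicitly rather than by the model.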
Syllabus
3. Anthony Talamantes: Threat Hunting with Data Science
Taught by
x33fcon