Threat Hunting Masterclass: Three Data Science Notebooks to Find Bad Actors in Your Network Logs

Presented by Corelight & Graphistry


With the right tools and some basic guidance, threat hunting is more accessible than you might think. This webcast and optional hands-on lab will help you get started with threat hunting queries you can instrument in your own environment and corresponding GPU-accelerated graph visualizations to make the results pop out. The analyses are performed as runnable data science notebooks, which is an emerging technique for turning hunting into a repeatable and growable team capability.

Learn from experts in their fields as they walk through sample threat hunts using Zeek logs, Splunk, Graphistry, and Jupyter/Pandas to take you from hypothesis to discovery. The training datasets and notebooks will be made available to registrants in advance of the broadcast, so you can follow along as the instructors lead you through various hunts. Optionally, stay after the webcast ends for help from the team.

Register for this webcast to learn:

  • How to identify suspicious activity in your DNS traffic, SMB traffic, and encrypted traffic
  • How to use data science notebooks to make threat hunts collaborative and repeatable
  • How to easily pair log search queries with GPU-accelerated visual graph analytics when looking at event data or large systems
  • And more...




Leo Meyerovich

Leo Meyerovich is CEO and cofounder of Graphistry, Inc. Previously, he pursued award-winning research that included hardening JavaScript, security policy verifiers, the first reactive web language, hardware-accelerating web browsers, and the sociological foundations of programming languages. For more information about Graphistry please visit: https://www.graphistry.com/


Richard "Chit" Chitamitre

Richard Chitamitre is a technology evangelist at Corelight. Prior to that, he worked as a Senior Security Analyst at Edward Jones, and before that he spent over a decade serving in the U.S. Navy across a number of cybersecurity roles, including work on the Tailored Access Operations team and Navy CMT. For more information about Corelight please visit: https://corelight.com/