5 Threat Hunting Skills That Cybersecurity Professionals Are Overlooking So That They Can Proactively Detect and Neutralize Threats
Here are 5 data analysis tools that will save you dozens of painful hours by speeding up your analysis.
1) Excel
This completely changed the way I thought about data analysis.
Once I learned some basic sorting and filtering features, it showed me a new way to use data analysis skills for threat hunting. Creating conditional formatting rules to change colors for events I was interested in blew my mind.
Excel was my gateway into wanting to learn other data analysis techniques to look at my data in new and interesting ways.
-
2) Python pandas
If you want to learn how to code and you are a threat hunter who needs to analyze data, Python is your language.
Python gives threat hunters the ability to create a pandas DataFrame, which gives you immense power when you have data that needs to be analyzed. What is special is that it can work with most data formats, from XLSX to JSON.
pandas was how I learned Python, and its ability to analyze data with a few lines of code is awesome!
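As an added example (not code from the original post), here is the kind of few-line pandas analysis the hunt usually starts with: load JSON Lines process-creation events into a DataFrame, "stack" them by executable path, and list the binaries seen on the fewest hosts. It assumes pandas is installed; the events are constructed.

```python
# Added example: stacking process-creation events with pandas so that the
# rarest executables across the fleet rise to the top of the list.
# Assumes pandas is installed (pip install pandas). Sample data is constructed.
import io
import json
import pandas as pd

# Constructed sample: JSON Lines, one event per line, as a collector might export.
# Most hosts run the same handful of binaries; one host runs something seen nowhere else.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"host": "ws01", "user": "alice", "image": "C:\\Windows\\explorer.exe"},
    {"host": "ws01", "user": "alice", "image": "C:\\Windows\\System32\\svchost.exe"},
    {"host": "ws02", "user": "bob",   "image": "C:\\Windows\\explorer.exe"},
    {"host": "ws02", "user": "bob",   "image": "C:\\Windows\\System32\\svchost.exe"},
    {"host": "ws03", "user": "carol", "image": "C:\\Windows\\explorer.exe"},
    {"host": "ws03", "user": "carol", "image": "C:\\Windows\\System32\\svchost.exe"},
    {"host": "ws03", "user": "carol", "image": "C:\\Users\\carol\\AppData\\Local\\Temp\\updater.exe"},
    {"host": "ws04", "user": "dave",  "image": "C:\\Windows\\explorer.exe"},
])


def load_events(jsonl_text: str) -> pd.DataFrame:
    """Parse JSON Lines into a DataFrame (read_csv / read_excel cover CSV and XLSX the same way)."""
    return pd.read_json(io.StringIO(jsonl_text), lines=True)


def stack_by_host(events: pd.DataFrame, column: str = "image") -> pd.DataFrame:
    """Count distinct hosts and total events per value of `column`, rarest first
    (least-frequency-of-occurrence)."""
    return (events.groupby(column)
                  .agg(hosts=("host", "nunique"), events=("host", "size"))
                  .sort_values(["hosts", "events"]))


def rare_values(stacked: pd.DataFrame, max_hosts: int = 1) -> list:
    """Values seen on at most `max_hosts` hosts: the hunter's starting list for review."""
    return stacked.index[stacked["hosts"] <= max_hosts].tolist()


if __name__ == "__main__":
    stacked = stack_by_host(load_events(SAMPLE_EVENTS))
    print(stacked)
    print("Seen on a single host:", rare_values(stacked))
```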
-
3) PostgreSQL
SQL is the tool you should use if you have gigabytes and gigabytes of data.
You can create Python scripts to import your data into the database and then use a tool such as pgAdmin to run SQL queries to find interesting events. You can even use Python to connect to the database and use pandas to create dataframes.
SQL is definitely the tool you want to use when you have a ton of data that you need to analyze.
-
4) Timeline Explorer
This is an Eric Zimmerman tool developed for viewing timeline data in different file formats, including CSV and XLSX.
This tool allows for easy grouping and filtering of data of interest. What sets it apart from Excel is that it is more forgiving when opening larger files.
I encourage you to try it out and compare it to Excel!
-
5) jq
If your data format is JSON and you need to quickly filter, parse, format, or transform your data, jq is the tool you need to learn.
It can give you the ability to extract and transform specific fields or values from JSON objects or arrays. You can also apply conditional logic, arithmetic operations, string manipulation, and regular expressions to your data.
Definitely head over to the jq documentation, give it a read, and start ripping through some JSON data.
-
Data analysis tools are vital for threat hunting, as they help threat hunters manipulate and interpret multiple data formats, such as JSON, CSV, or XLSX.
By using data analysis tools, threat hunters can enhance their cyber defensive capabilities and optimize their workflows.
If you enjoyed this conversation and want to learn more about threat hunting, please follow and subscribe to my channel. You will get access to more exclusive content, tips, and tricks. Thank you for your support and I hope to see you again soon.
Happy hunting!