My experience with Jupyter
What is Threat Intelligence?
How Jupyter notebooks can be applied in Threat Intelligence
Practical examples and tips & tricks
Slide 4
Sharing knowledge is not about giving people something.
Sharing knowledge occurs when people are genuinely interested in helping others to develop new capacities.
It is about creating learning processes.
- Peter Senge -
Slide 5
Started using Jupyter in 2017
Learning machine learning for malware detection and classification
Using notebooks to document my processes and code
Slide 6
What activity are we seeing? -> Observable
What weaknesses does this threat exploit? -> Exploit Target
What threats should I look for and why? -> Indicator
Where has this threat been seen before? -> Incident
Who is responsible for this threat? -> Threat Actor
What does it do? -> Procedure
Why does it do this? -> Campaign
What can I do about it? -> Course of Action
Slide 7
By exchanging threat intelligence, organizations benefit from the community's collective knowledge, experience, and capabilities to better understand the threats they face.
Threat intelligence sharing is a critical tool for the cybersecurity community.
It takes the knowledge of one organization and spreads it across the entire industry to improve all security practices.
Slide 8
Python, C#, C++ and many more...
Use for data analysis and data science
Efficient for incident response, log analysis, forensics...
Threat intelligence analysis, analysing data leaks
Enriching data, IOCs...
Creating visualizations
Slide 9
Jupyter allows you to exchange knowledge and practical analysis:
Share the workflow and procedure used to analyse
Share practical tools that can be reused
Enhance the capabilities of the team
Add setup instructions

Get to know your data well (structure, file format...)
Have a broader understanding before deep diving
Share your notebook with your team and the community
Document what you are doing and your code
Use visualization
Get feedback and improve your next notebook!
Slide 16
Run a shell command from Jupyter with "!" or a magic command with "%".
The "%%writefile" cell magic saves the contents of that cell to an external file.
"%pycat" does the opposite: it shows the syntax-highlighted contents of an external file.
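As an added example (not code from the slides), this is the kind of reusable IOC-extraction helper an analyst would write in a notebook cell, save with "%%writefile" and import from later notebooks for the "enriching data, IOCs" step. The sample report text and the defanging conventions it undoes (hxxp, [.], (.), [:]) are assumptions made for the example.

```python
"""IOC extraction helper of the kind a threat-intel notebook keeps in a cell
saved with %%writefile. Added example, not from the slides; sample is constructed."""
import ipaddress
import re
# Common defanging conventions in shared reports and how to undo them (assumed).
_REFANG = [("hxxp", "http"), (r"\[\.\]", "."), (r"\(\.\)", "."), (r"\[:\]", ":")]
# Order matters: longer hashes first so a sha256 is not also read as md5,
# and URLs before domains so a URL's host is not counted a second time.
_PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "sha1": re.compile(r"\b[0-9a-f]{40}\b", re.I),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

def refang(text: str) -> str:
    """Undo defanging so indicators can be matched, looked up and enriched."""
    for pattern, repl in _REFANG:
        text = re.sub(pattern, repl, text, flags=re.I)
    return text

def extract_iocs(text: str) -> dict:
    """Return observables grouped by type, refanged and de-duplicated."""
    text = refang(text)
    found = {}
    for kind, pattern in _PATTERNS.items():
        values = []
        for match in pattern.findall(text):
            if kind == "ipv4":
                try:
                    ipaddress.IPv4Address(match)  # rejects e.g. 999.1.1.1
                except ValueError:
                    continue
            value = match if kind == "url" else match.lower()
            if value not in values:
                values.append(value)
        if values:
            found[kind] = values
        if kind == "url":  # blank out URLs so their hosts are not re-matched as domains
            text = pattern.sub(" ", text)
    return found

# Constructed sample report (documentation-range addresses, empty-file hashes).
SAMPLE_REPORT = """C2 at hxxp://update-check[.]example[.]net/gate.php and 203[.]0[.]113[.]45,
also seen from 198.51.100.7. Related host mail[.]badcorp[.]example. Dropper md5
d41d8cd98f00b204e9800998ecf8427e, payload sha256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. Bogus 999.1.1.1 is ignored."""
```

Calling extract_iocs(SAMPLE_REPORT) returns one list per observable type, ready to be enriched and plotted in the following cells.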
Slide 17
https://jupyter.securitybreak.io
Slide 18
Sharing data is nice, sharing how to process that data is better!
Jupyter is the perfect companion for workflows and high-value procedures.
Notebooks are repeatable, explainable and, most of all, shareable.