Cyber Security Incident Investigation using Graphistry
收藏Databricks2024-05-09 收录
下载链接:
https://marketplace.databricks.com/details/a548beee-8ce1-436a-8b08-91f31a04cdc6/Databricks_Cyber-Security-Incident-Investigation-using-Graphistry
下载链接
链接失效反馈官方服务:
资源简介:
**Use Cases**
In this solution accelerator, we showcase how SOC analyts, Incident Responders and Threat Hunters can use Databricks to
- Investigate an incident or alert to determine if it is true positive or false positive. If it is a true positive, determine the host and users impacted, so that remediation steps can be taken.
- Investigate leads from a threat hunting exercise.
- Hunt for threats given a piece of threat intelligence or a news release
**Technical Overview**
- Leverage any cybersecurity data in the lakehouse without transforming the data into a graph data model at ingestion time.
- Dynamically run a query to filter the data and convert to graph data model at analysis time. This flexibility allows the analyst to tweak the graph data model at will during analysis.
- Send the resultant data frames (nodes and edges) to graphistry for visualization
- Perform investigation and analysis in graphistry UI without writing any code
Click on the "Get instant access" button in the top right corner to clone the solution accelerator repo into your workspace. Once the repo is cloned into your workspace, please execute the **RUNME** notebook in the repo in order to create the cluster and job you can use to run the notebooks.
提供机构:
Databricks搜集汇总
数据集介绍

背景与挑战
背景概述
该数据集提供了一个网络安全事件调查解决方案,支持安全分析师进行事件验证、威胁追踪和情报分析。它利用数据湖技术动态转换数据为图模型,并通过可视化工具实现无代码调查分析。
以上内容由遇见数据集搜集并总结生成



