five

Cyber Security Incident Investigation using Graphistry

收藏
Databricks2024-05-09 收录
下载链接:
https://marketplace.databricks.com/details/a548beee-8ce1-436a-8b08-91f31a04cdc6/Databricks_Cyber-Security-Incident-Investigation-using-Graphistry
下载链接
链接失效反馈
官方服务:
资源简介:
**Use Cases** In this solution accelerator, we showcase how SOC analyts, Incident Responders and Threat Hunters can use Databricks to - Investigate an incident or alert to determine if it is true positive or false positive. If it is a true positive, determine the host and users impacted, so that remediation steps can be taken. - Investigate leads from a threat hunting exercise. - Hunt for threats given a piece of threat intelligence or a news release **Technical Overview** - Leverage any cybersecurity data in the lakehouse without transforming the data into a graph data model at ingestion time. - Dynamically run a query to filter the data and convert to graph data model at analysis time. This flexibility allows the analyst to tweak the graph data model at will during analysis. - Send the resultant data frames (nodes and edges) to graphistry for visualization - Perform investigation and analysis in graphistry UI without writing any code Click on the "Get instant access" button in the top right corner to clone the solution accelerator repo into your workspace. Once the repo is cloned into your workspace, please execute the **RUNME** notebook in the repo in order to create the cluster and job you can use to run the notebooks.
提供机构:
Databricks
搜集汇总
数据集介绍
main_image_url
背景与挑战
背景概述
该数据集提供了一个网络安全事件调查解决方案,支持安全分析师进行事件验证、威胁追踪和情报分析。它利用数据湖技术动态转换数据为图模型,并通过可视化工具实现无代码调查分析。
以上内容由遇见数据集搜集并总结生成
二维码
社区交流群
二维码
科研交流群
商业服务