This repo contains practical applications of threat hunting techniques.
Below is the link to launch JupyterLab in MyBinder, a custom computing environment that lets you share workflows with others.
This example takes a Bro HTTP log and uses Python to do frequency analysis (i.e. long tail, stacking, most/least frequent occurrence) on the HTTP fields. The example presents an adversary-focused hypothesis for investigating the data.
This example uses the same Bro HTTP log and uses Python to do visualization and graphing of the data. The example presents a data-centric hypothesis for investigating the data.
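The following is an added example, not code from the notebooks in this repo, showing the two techniques the examples above describe: frequency analysis (stacking fields, pulling the long tail of rare values, and tying rare values back to the source host) and a simple time-bucket aggregation that a plotting library would normally draw. It assumes Bro's tab-separated `http.log` layout with a `#fields` header; the log fragment embedded below is constructed, uses only a subset of the real columns, and stands in for the repo's own log file.

```python
"""Frequency analysis (stacking, long tail) and time-bucket aggregation over a
Bro (now Zeek) HTTP log. Added example, not the repo's notebooks. The log
fragment below is constructed and uses a subset of Bro's http.log columns in
Bro's tab-separated format with a #fields header."""
from collections import Counter, defaultdict

# Constructed Bro http.log fragment: header directives, then one row per request.
# "-" is Bro's unset marker (here: the request carried no User-Agent header).
SAMPLE_HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\thttp",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent\tstatus_code",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tstring\tcount",
    "1500000000.100000\tC1\t10.0.0.5\t50001\t93.184.216.34\t80\tGET\twww.example.com\t/\tMozilla/5.0\t200",
    "1500000001.200000\tC2\t10.0.0.6\t50002\t93.184.216.34\t80\tGET\twww.example.com\t/index.html\tMozilla/5.0\t200",
    "1500000030.500000\tC3\t10.0.0.5\t50003\t198.51.100.7\t80\tGET\tcdn.example.net\t/app.js\tMozilla/5.0\t304",
    "1500000065.000000\tC4\t10.0.0.9\t50004\t203.0.113.20\t8080\tPOST\tupd.example.org\t/check\t-\t200",
    "1500000070.300000\tC5\t10.0.0.6\t50005\t93.184.216.34\t80\tGET\twww.example.com\t/logo.png\tMozilla/5.0\t200",
    "1500000125.700000\tC6\t10.0.0.9\t50006\t203.0.113.20\t8080\tPOST\tupd.example.org\t/check\t-\t200",
    "1500000130.000000\tC7\t10.0.0.7\t50007\t198.51.100.7\t80\tGET\tcdn.example.net\t/app.js\tcurl/7.58.0\t200",
    "1500000185.900000\tC8\t10.0.0.9\t50008\t203.0.113.20\t8080\tPOST\tupd.example.org\t/check\t-\t200",
    "#close\t2017-07-14-02-43-10",
])


def parse_bro_log(text):
    """Parse Bro's TSV log into a list of dicts keyed by the #fields names."""
    fields, rows = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other directives (#separator, #types, #close) carry no data
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # skip truncated or corrupt rows rather than misalign columns
        rows.append(dict(zip(fields, values)))
    return rows


def stack(rows, field):
    """Stacking: count every distinct value of a field (unset "-" is itself a value)."""
    return Counter(r.get(field, "-") for r in rows)


def long_tail(rows, field, n=3):
    """Least frequent values, ties broken by value so the order is deterministic."""
    return sorted(stack(rows, field).items(), key=lambda kv: (kv[1], kv[0]))[:n]


def values_seen_by_one_host(rows, field):
    """Values of a field that only a single source host ever produced."""
    hosts = defaultdict(set)
    for r in rows:
        hosts[r[field]].add(r["id.orig_h"])
    return {v: next(iter(h)) for v, h in hosts.items() if len(h) == 1}


def requests_per_bucket(rows, seconds=60):
    """Requests per fixed time window, keyed by the window's epoch start."""
    buckets = Counter()
    for r in rows:
        buckets[int(float(r["ts"]) // seconds) * seconds] += 1
    return dict(sorted(buckets.items()))


def request_intervals(rows, orig_h, resp_h):
    """Seconds between consecutive requests from one client to one server."""
    ts = sorted(float(r["ts"]) for r in rows
                if r["id.orig_h"] == orig_h and r["id.resp_h"] == resp_h)
    return [round(b - a, 1) for a, b in zip(ts, ts[1:])]


def ascii_bar_chart(counts, width=30):
    """Text histogram standing in for a plotting library in a terminal."""
    if not counts:
        return ""
    peak = max(counts.values())
    return "\n".join(f"{str(label):<24} {'#' * max(1, round(n * width / peak))} {n}"
                     for label, n in counts.items())


if __name__ == "__main__":
    rows = parse_bro_log(SAMPLE_HTTP_LOG)
    print("user_agent stack:", stack(rows, "user_agent"))
    print("rarest hosts:", long_tail(rows, "host", 2))
    print("user agents unique to one host:", values_seen_by_one_host(rows, "user_agent"))
    print(ascii_bar_chart(requests_per_bucket(rows)))
    print("10.0.0.9 -> 203.0.113.20 intervals:", request_intervals(rows, "10.0.0.9", "203.0.113.20"))
```

Running it stacks the sample's user agents, lists the rarest hosts, shows which user agents only one client ever sent, prints a per-minute request histogram, and reports the spacing between one client's requests to one server, which is the kind of regularity the data-centric hypothesis would plot.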