(Please find the detailed walkthrough here: https://www.linkedin.com/pulse/log-analysis-find-outlier-using-jupyter-notebook-arvind-javali)
Well, during incident response, a responder deals with many kinds of logs and has many analysis tools at their disposal. The goal of log analysis during a cyber incident is to develop intelligence and join the pieces of evidence collected to find the root cause of the security breach.
I would like to introduce you to Jupyter Notebook, another efficient tool: an open-source interactive notebook that you can use to create and share documents containing live code, equations, visualizations, and text. Jupyter Notebook is maintained by the people at Project Jupyter. In this blog, I demo an approach to log analysis that mixes a bit of data science with domain-specific knowledge (DFIR, Digital Forensics and Incident Response).
To launch the Jupyter Notebook, click on the launch binder icon.
Available notebooks:
- Apache-AccessLog-Analyzer.ipynb
For a demo, watch the YouTube video here:
PS: you can feed your own data; just update the filename in the notebook. For any questions, reach out to me.
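The following is an added, stand-alone illustration of the kind of analysis the Apache-AccessLog-Analyzer notebook is about: parse Apache access log lines, aggregate per client, and flag outliers. It is not code from the notebook or from the author; it assumes the default Common Log Format layout, uses a robust (median/MAD) z-score with a 3.5 threshold and a 50% error-ratio rule as example thresholds, and runs on a small constructed sample (TEST-NET addresses) rather than a real log file.

```python
import re
from collections import defaultdict
from statistics import median, mean

# Apache Common Log Format (assumption: default '%h %l %u %t "%r" %>s %b' layout)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def _line(ip, sec, method, path, status, size):
    """Build one constructed CLF line for the sample below."""
    return (f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} {size}')


# Constructed sample: five ordinary clients plus one (203.0.113.9) that
# requests a dozen non-existent paths and collects only 404s.
SAMPLE_LINES = [
    _line("198.51.100.1", 1, "GET", "/", 200, 2326),
    _line("198.51.100.1", 2, "GET", "/about", 200, 1200),
    _line("198.51.100.2", 3, "GET", "/", 200, 2326),
    _line("198.51.100.2", 4, "POST", "/login", 302, 0),
    _line("198.51.100.3", 5, "GET", "/", 200, 2326),
    _line("198.51.100.3", 6, "GET", "/docs", 200, 5120),
    _line("198.51.100.3", 7, "GET", "/docs/intro", 200, 4096),
    _line("198.51.100.4", 8, "GET", "/", 200, 2326),
    _line("198.51.100.4", 9, "GET", "/contact", 200, 900),
    _line("198.51.100.4", 10, "GET", "/favicon.ico", 404, 209),
    _line("198.51.100.5", 11, "GET", "/", 200, 2326),
    _line("198.51.100.5", 12, "GET", "/blog", 200, 3000),
    _line("198.51.100.5", 13, "GET", "/blog/1", 200, 2800),
] + [
    _line("203.0.113.9", 20 + i, "GET", f"/missing-{i}", 404, 209) for i in range(12)
]


def parse_line(line):
    """Return a dict of fields for one CLF line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def summarize(lines):
    """Aggregate per-client request count, 4xx/5xx count and distinct paths."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than aborting the whole run
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["errors"] += int(rec["status"] >= 400)
        s["paths"].add(rec["path"])
    return dict(stats)


def modified_z_scores(values):
    """Robust z-score: (x - median) / (MAD / 0.6745). When MAD is zero (many
    identical counts) fall back to 1.253314 * mean absolute deviation."""
    med = median(values)
    abs_dev = [abs(v - med) for v in values]
    mad = median(abs_dev)
    scale = mad / 0.6745 if mad else 1.253314 * mean(abs_dev)
    if scale == 0:
        return [0.0] * len(values)
    return [(v - med) / scale for v in values]


def find_outliers(stats, z_threshold=3.5, error_ratio=0.5, min_requests=5):
    """Flag clients whose request volume is a robust-z outlier or whose share
    of error responses is high. Returns a sorted list of (ip, reason)."""
    ips = sorted(stats)
    zs = modified_z_scores([stats[ip]["requests"] for ip in ips])
    flagged = []
    for ip, z in zip(ips, zs):
        s = stats[ip]
        reasons = []
        if z > z_threshold:
            reasons.append(f"request volume z={z:.1f}")
        if s["requests"] >= min_requests and s["errors"] / s["requests"] >= error_ratio:
            reasons.append(f"error ratio {s['errors']}/{s['requests']}")
        if reasons:
            flagged.append((ip, "; ".join(reasons)))
    return flagged


def analyze(lines):
    """Parse, aggregate and flag in one call; feed it the lines of your own log."""
    return find_outliers(summarize(lines))


if __name__ == "__main__":
    for ip, why in analyze(SAMPLE_LINES):
        print(ip, "->", why)
```

To run it on your own data, replace `SAMPLE_LINES` with the lines read from your access log file. The MAD-based score is used instead of a plain mean/standard-deviation z-score because one noisy client would otherwise inflate the standard deviation and hide itself; the error-ratio rule catches a client that is not loud by volume but keeps hitting paths that do not exist.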
