Overview
This course teaches learners how to baseline with security log and event data. The learning outcomes include understanding the importance of normal distribution, identifying outliers, and utilizing practical strategies for log management. The course covers skills such as obtaining data, visualizing data, using the three sigma rule, and analyzing event sources. The teaching method involves a combination of theoretical concepts and practical examples. The intended audience for this course is individuals interested in security log analysis and event data management.
Syllabus
Intro
Who am I
Agenda
Log data is underutilized
Practical strategies
Importance of normal
Hunting
Baselines
Logging Log Management
Normal Distribution
NonNormal Distribution
Windows Event Rate
Example
Obtaining Data
Questions to Ask
Visualizing Data
Outliers
Weekend
Handling Outliers
QQ Plot
Three Sigma Rule
Use Cases
RDP
RDP Access
Use Case Primer
Requirements
Event Sources
Validation
Histogram
ShapiroWilkes
Recap
What can you create
References
Questions
Log Reduction
Weekends
Friday
Taught by
BSidesLV