Threat Detection Using Time Series Analysis and Summary Statistics of Darknet Probes and OSSEC Reports

Wednesday, April 20 | 10:15AM–11:45AM | Cascade Ballroom II, Mezzanine Level, Second Floor
Session Type: Professional Development
The ability to detect malicious activity across an organization's computing infrastructure is an ongoing problem we face as information security practitioners. Where can an organization start when building a threat detection program? How can an organization gain threat detection intelligence using free tools? This presentation addresses these questions and walks through the initial steps we took toward developing a threat detection program. Our darknet sensor data comes from dropped packets logged by iptables and collected by OSSEC. We use ossec-reportd to generate reports from across our infrastructure. These data are imported into R for statistical computing and graphics.
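The pipeline the abstract describes (iptables drop logs from a darknet sensor, collected and reported through OSSEC, then analysed as a time series with summary statistics) can be sketched end to end on a handful of constructed log lines. The block below is an added example, not material from the session or from the OSSEC or R projects, and it uses Python in place of the session's R so that it runs without an R installation. The `DARKNET-DROP:` log prefix, the `sensor` host name, the RFC 5737 addresses and the year (syslog timestamps omit it) are all assumptions made up for the example.

```python
"""Turn iptables DROP log lines from a darknet sensor into a per-minute time
series and flag outlier minutes with summary statistics (mean, std dev)."""
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of syslog lines as written by the iptables LOG target.
# "DARKNET-DROP:" is a hypothetical --log-prefix, addresses come from the
# RFC 5737 documentation ranges, and the 10:20 burst models one host
# sweeping several ports. None of this is real traffic.
SAMPLE_LOG = """\
Apr 20 10:15:01 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 SYN URGP=0
Apr 20 10:16:12 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=50212 DPT=23 WINDOW=1024 SYN URGP=0
Apr 20 10:17:45 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=198.51.100.88 DST=192.0.2.10 LEN=84 TTL=60 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Apr 20 10:18:03 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=50213 DPT=445 WINDOW=1024 SYN URGP=0
Apr 20 10:19:30 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=41235 DPT=3389 WINDOW=1024 SYN URGP=0
Apr 20 10:20:01 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6001 DPT=21 WINDOW=1024 SYN URGP=0
Apr 20 10:20:02 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6002 DPT=22 WINDOW=1024 SYN URGP=0
Apr 20 10:20:03 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6003 DPT=23 WINDOW=1024 SYN URGP=0
Apr 20 10:20:04 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6004 DPT=25 WINDOW=1024 SYN URGP=0
Apr 20 10:20:05 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6005 DPT=80 WINDOW=1024 SYN URGP=0
Apr 20 10:20:06 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6006 DPT=443 WINDOW=1024 SYN URGP=0
Apr 20 10:20:07 sensor kernel: DARKNET-DROP: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 LEN=40 TTL=44 ID=0 DF PROTO=TCP SPT=6007 DPT=8080 WINDOW=1024 SYN URGP=0
"""

# Syslog omits the year; this is an assumed value for the constructed sample.
YEAR = 2016

# Fields emitted by the iptables LOG target. MAC= is optional (absent on some
# interfaces) and SPT/DPT are absent for protocols without ports (ICMP).
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) (?:MAC=\S+ )?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_line(line, year=YEAR):
    """Return a dict for one iptables LOG line, or None for any other syslog line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    rec["spt"] = int(rec["spt"]) if rec["spt"] else None
    rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def minute_series(records):
    """Drops per wall-clock minute, zero-filled so quiet minutes count as 0
    rather than vanishing from the statistics."""
    counts = Counter(r["ts"].replace(second=0, microsecond=0) for r in records)
    if not counts:
        return {}
    t, end, series = min(counts), max(counts), {}
    while t <= end:
        series[t] = counts.get(t, 0)
        t += timedelta(minutes=1)
    return series


def flag_outliers(series, k=2.0):
    """Return (mean, sd, minutes whose count exceeds mean + k*sd).
    Population sd is used because the series is the whole observed window."""
    values = list(series.values())
    if len(values) < 2:
        return (float(values[0]) if values else 0.0, 0.0, [])
    mean, sd = statistics.mean(values), statistics.pstdev(values)
    return mean, sd, [t for t, c in series.items() if c > mean + k * sd]


def top_ports(records, n=5):
    """Most-probed destination ports; port-less protocols are skipped."""
    return Counter(r["dpt"] for r in records if r["dpt"] is not None).most_common(n)


def sources_in(records, minute):
    """Which sources produced the drops in a given minute (for triage)."""
    return Counter(r["src"] for r in records if r["ts"].replace(second=0) == minute)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    series = minute_series(recs)
    mean, sd, flagged = flag_outliers(series)
    for t, c in series.items():
        print(f"{t:%H:%M} {c:3d} {'<-- outlier' if t in flagged else ''}")
    print(f"mean={mean:.2f} sd={sd:.2f} top ports={top_ports(recs)}")
    for t in flagged:
        print(f"{t:%H:%M} sources: {dict(sources_in(recs, t))}")
```

In a deployment the input would be the OSSEC alert or ossec-reportd output rather than raw syslog, and a two-standard-deviation threshold over six minutes is only illustrative: the baseline needs hours or days of zero-filled data before the mean and deviation say anything about a single minute, and the per-source breakdown is what turns a flagged minute into something an analyst can act on.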


OUTCOMES:

  • Learn about implementing a threat detection program

  • Learn about importing OSSEC data into R

  • Learn introductory R concepts for creating security metrics

Presenters

  • Clay Wells

    Information Security Engineer, University of Pennsylvania
