Course Description
Threat Hunting with Python teaches students how to take threat hunting hypotheses generated from contextual data or threat intelligence feeds, and then write Python scripts that interact with various data sources and perform data analytics to determine the validity of those hypotheses. Techniques include the use of advanced data structures, active data gathering using SCAPY and other tools, scripting database or SIEM queries, and more. Successful students will gain the ability to script or automate a variety of custom threat hunting tasks, and speed up their threat hunting processes.
Learning Objectives
- Test cyber threat hunting hypotheses by creating Python scripts that perform data gathering and analytics
- Use advanced data structures to store, search, and manipulate data
- Write Python code to interact with a variety of systems such as SIEM platforms and endpoints, as well as static data sources such as log files and traffic captures
- Increase the speed and effectiveness of cyber threat hunting activities through scripting and automation
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):