Threat Hunting Masterclass: Three data science notebooks for finding bad actors in your network logs

Posted by Graphistry Staff on May 13, 2019

Welcome to the inaugural Graphistry masterclass! Every month, we’ll host an expert-led tutorial on graph technologies and techniques. Each session will share optional training materials such as runnable Jupyter notebooks so you can follow along, and after, can get interactive help.

Watch this post for links to data, notebooks, and instructions as the webinar approaches.


Threat Hunting Masterclass: Three data science notebooks for finding bad actors in your network logs

Presented by Corelight & Graphistry

Date: Wednesday, May 22, 2019 at 11am PDT (2pm EDT)

With the right tools and some basic guidance, threat hunting is more accessible than you might think. This webcast and optional hands-on lab will help you get started with threat hunting queries you can instrument in your own environment and corresponding GPU-accelerated graph visualizations to make the results pop out. The analyses are performed as runnable data science notebooks, which is an emerging technique for turning hunting into a repeatable and growable team capability.

Learn from experts in their fields as they walk through sample threat hunts using Zeek logs, Splunk, Graphistry, and Jupyter/Pandas to take you from hypothesis to discovery. The training datasets and notebooks are public, so you can download them and follow along as the instructors lead you through various hunts. Optionally, stay after for help from the team.

Register for this webcast to learn:

  • How to identify suspicious activity in your DNS traffic, SMB traffic, and encrypted traffic
  • How to use data science notebooks to make threat hunts collaborative and repeatable
  • How to easily pair log search queries with GPU-accelerated visual graph analytics when looking at event data or large systems
  • And more!
Leo Meyerovich

Leo Meyerovich is CEO and cofounder of Graphistry, Inc. Previously, he pursued award-winning research that included hardening JavaScript, security policy verifiers, the first reactive web language, hardware-accelerating web browsers, and the sociological foundations of programming languages.

Richard Chitamitre

Richard Chitamitre is a technology evangelist at Corelight. Prior to that he worked as a Senior Security Analyst at Edward Jones and before that spent over a decade serving in the U.S. Navy across a number of cybersecurity roles, including work on the Tailored Access Operations team and Navy CMT. For more information about Corelight please visit:

Masterclass materials and links Updated 5/26/2019

  • Access free recording, datasets, and training material (link)