Threat Hunting and Detection - How Modern Data-Driven Threat Hunting is Done

In today's rapidly evolving threat landscape, traditional security monitoring is no longer sufficient. Modern threat hunting requires a data-driven approach that leverages advanced analytics, algorithms, and security intelligence. This session will provide an in-depth look at how cybersecurity teams can proactively detect threats using Jupyter Notebooks, Python-based analytics, and outlier detection techniques built on NumPy and pandas.
Join us for a technical deep dive into real-world threat hunting scenarios, where we will explore:
- The fundamentals of data-driven threat hunting.
- How to leverage Jupyter Notebooks for security analysis.
- Outlier detection algorithms to identify anomalies in security logs.
- Hands-on techniques using NumPy and pandas for large-scale data analysis.
We will also walk through live demonstrations and interactive case studies that showcase how to detect stealthy threats hidden within massive datasets.
Key Takeaways:
- Understanding modern threat hunting methodologies.
- Using Jupyter Notebooks for security research and detection.
- Implementing Outlier Detection for anomaly-based threat detection.
- Practical data analysis techniques with NumPy and pandas.
- Real-world demos and case studies of threat hunting in action.
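The outlier detection and NumPy-based analysis listed above, as an added illustration (this is not code from the session or from the speaker): a few constructed key=value log lines recording bytes sent per session are parsed, aggregated per user, and scored with the modified z-score (0.6745 * (x - median) / MAD), a robust alternative to the mean/standard-deviation z-score that a single huge value cannot drag along. Only NumPy is used; in a notebook the per-user aggregation would naturally be a pandas groupby. The log format, user names and byte counts are all assumptions for the demo, and a MAD of zero (every user looks identical) is handled explicitly instead of dividing by zero.

```python
import re
import numpy as np

# Constructed sample log (not real data): bytes sent out per session.
# One deliberately malformed line exercises the parser's skip path.
SAMPLE_LOG = """\
2024-01-01T00:05:12 host=web01 user=alice bytes_out=700
2024-01-01T00:07:40 host=web01 user=alice bytes_out=500
2024-01-01T00:09:03 host=web02 user=bob bytes_out=1350
2024-01-01T00:11:28 host=web01 user=carol bytes_out=600
2024-01-01T00:14:51 host=web03 user=carol bytes_out=500
2024-01-01T00:18:07 host=web02 user=dave bytes_out=1280
2024-01-01T00:21:33 host=web01 user=erin bytes_out=900
2024-01-01T00:25:19 host=web03 user=erin bytes_out=520
2024-01-01T00:31:02 host=web02 user=frank bytes_out=24000
2024-01-01T00:44:45 host=web02 user=frank bytes_out=24000
this line is malformed and should be skipped
"""

# Assumed log layout: timestamp, then space-separated key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) bytes_out=(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse key=value log lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append({"ts": m["ts"], "host": m["host"],
                            "user": m["user"], "bytes": int(m["bytes"])})
    return records


def aggregate_bytes_by_user(records):
    """Sum bytes_out per user (the pandas equivalent is groupby('user').sum())."""
    totals = {}
    for r in records:
        totals[r["user"]] = totals.get(r["user"], 0) + r["bytes"]
    return totals


def modified_zscores(values):
    """Robust z-score: 0.6745 * (x - median) / MAD, where MAD is the median
    absolute deviation. Returns all zeros when MAD is 0 (no spread to measure)."""
    x = np.asarray(values, dtype=float)
    median = np.median(x)
    mad = np.median(np.abs(x - median))
    if mad == 0:
        return [0.0] * len(x)
    return (0.6745 * (x - median) / mad).tolist()


def find_outliers(totals, threshold=3.5):
    """Return {user: score} for users whose |modified z-score| exceeds the threshold.
    3.5 is the conventional cut-off for the modified z-score."""
    users = list(totals)
    scores = modified_zscores([totals[u] for u in users])
    return {u: s for u, s in zip(users, scores) if abs(s) > threshold}


if __name__ == "__main__":
    totals = aggregate_bytes_by_user(parse_log(SAMPLE_LOG))
    for user, score in find_outliers(totals).items():
        print(f"outlier: user={user} bytes_out={totals[user]} score={score:.1f}")
```

Against the constructed data the median total is 1315 bytes and the MAD is 110, so every ordinary user scores within about 1.3 while the user that transferred 48000 bytes scores above 280; with a plain mean-based z-score that same value would inflate the standard deviation and mask itself. In a notebook the hunter would follow up the flagged user by pivoting back to the raw records (host, timestamps) rather than acting on the score alone.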
Requirements:
Attendees need internet connectivity and personal laptops during the workshop. Prerequisites to set up before the workshop will be shared a week in advance.
Archan is a cybersecurity expert and Co-founder & CEO at BlackPerl DFIR with over a decade of experience in defensive security, incident response, threat hunting, and digital forensics across Consumer Goods, FMCG, and Media industries. Specializing in cloud security, SIEM, and automation, they have worked extensively with tools like Azure IDP, Darktrace, Zscaler, QRadar, and Cylance EDR/EPP to analyze threats, fine-tune detection strategies, and automate incident response.
With hands-on experience in DFIR for cloud environments (AWS, GCP, Kubernetes, WAF), Archan has contributed to building incident management frameworks and security operations strategies using Elastic SIEM. They have also supported 12+ global clients in a 24/7 SOC, providing network security monitoring, anomaly detection, and automation scripting.
A passionate security innovator, Archan is dedicated to enhancing cybersecurity resilience through automation, threat intelligence, and cutting-edge security strategies.