Note: Page numbers followed by “f” and “t” indicate figures and tables respectively.
Access analytics
  MaxMind’s GeoIP module, 121
  parse_args() function, 112
  parser.add.argument method, 112
  remote access Python analytics program flow, 111, 111f
  result analysis
    malicious remote connections identification, 121
    third-party remote access, 100
  unauthorized remote access identification
    anomalous user connections, 105–107
    credit card transaction statements, 105
  VPN
    add-on two-factor authentication mechanisms, 101
    “ReceiveTime” column, 114
    unsecured/untrusted network, 100
Amazon’s Elastic MapReduce environment, 29
Analytical software and tools
  statistical programming, 14–15
Analytics
  authentication
  computer systems and networks, 4–5
  expert system program, 10
  free-form text data
  incident response
  intrusion detection
  knowledge engineering, 10
  Known Unknowns
  log files
  logical access controls
  machine learning
  multiple large data centers
  security breaches and attacks
  simulation-based decisions
  statistical techniques
  text mining
  unauthorized access attempts, 10
  Unknown Unknowns
  unsupervised learning, 3–4
  virus/malware infection
  vulnerability management, 11–12
Arena
  adding data and parameters, 21, 69
  conceptual model creation, 21, 68
  IT service desk ticket queue, 68, 68f
  Model window flowchart view, 20, 67
  Model window spreadsheet view, 20, 68
  Rockwell Automation, 20, 67
  running the simulation, 21, 69
  simulation analysis, 22, 69
  three-process scenario, 68
Artificial intelligence, 14
Bash shell command line, 27
Behavioral analysis

  artificial intelligence applications
  behavioral analysis
  Cloudera QuickStart VM, 15
  Hadoop technologies, 15
  Linux operating system, 15
  MapReduce technologies, 15
  predictive analysis
  tools and analysis methods, 64
Classification techniques
Cloudera Hadoop installation, 30
Cloudera QuickStart VM, 15
Cluster analysis
  dtmWithClust data frame object, 145
  hierarchical clustering, 142
  randomForest function, 146
Clustering
Comma separated values (CSV) module, 109–110
Comprehensive R Archive Network (CRAN), 16, 124
Conduct data analysis, 154
Correlation analysis
CREATE module
  external e-mail entities, 74, 74f
  properties updation, 74, 75f
  properties updation, 88, 88f
Denial of service attack (DoS), 37
Descriptive statistics, 14
DocumentTermMatrix function, 140
Explanatory analysis, 153
Graphical user interface (GUI), 13
Hadoop File System (HDFS), 40
Hadoop technologies, 15, 23
Hierarchical clustering, 142
IncidentDescription column, 126
Incident response
  big data tools and analysis methods, 64
  data loading
    Amazon’s AWS environment, 27
    Amazon’s Elastic MapReduce environment, 29
    Apache log-file format, 28
    Bash shell command line, 27
    Cloudera Hadoop installation, 30
    cross-site request forgery, 35
    directory traversal and file inclusion, 32–34
    failed access attempts, 42
    “failedaccess” variable, 58
    failed requests percentage, 41
    failed requests per day/per month, 47–48
    failed to successful requests ratio, time series, See Time series
    “404 file not found,” 42–43
    logistic regression coefficients, 59, 59f
    monthly time series, failed requests, 48–49
    MySQL charset switch and MS-SQL DoS attack, 37–39
    specific attack vectors, 30
    “statusgroupings” view, 56–57
    tallying and tracking failed request statuses, 39
  in intrusions and incident identification
    big data tools, conducting analysis, 25
    network and server traffic, 25
    real-time intrusion detection and prevention, 24
    text mining techniques, 64
    unstacked status codes, 59–63
Intrusion detection
Knowledge engineering, 10
Linear regression
Linux operating system, 15
Log files
  combined log file fields, 26
  common log file fields, 26
  open-source server software, 25–26
Logical access controls
Machine learning
MapReduce technologies, 15, 23
MaxMind’s GeoIP module, 121
MySQL charset switch, 37–39
parse_args() function, 112
parser.add.argument method, 112
Predictive analysis, 153
Principal components analysis

  properties updation, 76, 77f
  standard deviation, 85, 86f
  randomForest function, 146
  properties updation, 89, 90f
  removeNumbers function, 128
  removePunctuation function, 128
  removewords function, 128
  cluster analysis
    dtmWithClust data frame object, 145
    hierarchical clustering, 142
    randomForest function, 146
  cross site scripting reports, 136
  data profiling with summary statistics, 130–131
  IncidentDescription column, 126
  linear model function, 19
  Massive Open Online Courses, 17
  package libraries and data import, 127
  removeNumbers function, 128
  removePunctuation function, 128
  removewords function, 128
  removing sparse terms, 130
  statistical calculations, 16
  stripWhitespace function, 127
  terms dictionary
    dictionary parameter, 140
    DocumentTermMatrix function, 140
  time series trends, correlation analysis
  Web Application Security Consortium, 125
Security intelligence
  equipment and personnel integration, 159–160
  explanatory analysis, 153
  internal security gaps, 153
  security analytics process, 151, 152f
Security policy templates, 154

  additional report information, 91, 91f
  average processing times, 94t
  constant delay type, 85, 95t
  CREATE module
    external e-mail entities, 74, 74f
    properties updation, 74, 75f
    properties updation, 88, 88f
  e-mail gateway device, 69
  final report view, 93, 94f
  PROCESS dialog’s standard deviation, 85, 86f
  properties updation, 76, 77f
  Project Parameter tab, 79–80
  properties updation, 89, 90f
  running simulation, 81, 82f
  standard deviation, 83, 84f
  “True Clean” decision box, 91, 92f
  vendor scenario probability, 92, 92t
  vendor simulation average processing time, 72, 72t
Simulation-based decisions
SQL injection attack
stripWhitespace function, 127
Term document matrix, 124
Text Mining
  open source software tools, 123–124
Text mining techniques, 64
  common data transformations, 125
  document-term matrix, 124
  term document matrix, 124
Time series
  autocorrelation effects, 55, 57f
  INSERT OVERWRITE LOCAL DIRECTORY command, 53–54
Unauthorized remote access identification
  anomalous user connections, 105–107
  credit card transaction statements, 105
Unsupervised learning, 3–4
Virtual private network (VPN), 10
  add-on two-factor authentication mechanisms, 101
  “ReceiveTime” column, 114
  unsecured/untrusted network, 100
Vulnerability management, 11–12
Web Application Security Consortium, 125
Web Hacking Incident Database (WHID), 125