
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Center (MSTIC).

Although this is not a Microsoft event, our Microsoft Security teams are delighted to be involved with helping organize it and deliver talks and workshops. Registration is free and it will be streamed on YouTube Live both days from 10:30 AM to 8:00 PM Eastern Time.

Illustration of Jupyter, tools, and community

Figure 1. InfoSec Jupyterthon 2021 event image. This image was created by Scriberia for The Turing Way community and is used under a CC-BY licence. Zenodo record.

What is InfoSec Jupyterthon?

InfoSec Jupyterthon is a forum for information security analysts and engineers to share knowledge and experiences about using Jupyter notebooks in security hunting and investigation. Last year’s conference featured talks on a variety of topics, from integrating notebooks into your security operations (SOC) processes to using GPU-accelerated graphs, time series decomposition, and pandas statistics to detect and understand attacker patterns.

Since many of last year’s attendees identified themselves as Jupyter notebook beginners, this year’s conference will feature a series of beginner and intermediate tutorials during the mornings, covering notebooks, data analysis with pandas, visualization, and using MSTIC’s infosec Python package, MSTICPy. The afternoons will host speakers on a variety of notebook and info security topics, including:

  • Automating notebook execution
  • Using notebooks with Apache Spark
  • Using notebooks in incident response

What is Jupyter and why is it relevant to infosec?

Jupyter notebooks are a hybrid environment that combines code, data analysis, and visualization in a single document. Jupyter is widely used by scientists and data analysts. Some of the characteristics that make Jupyter a great platform for more advanced threat investigations are:

  • Data agnostic – you can bring data from (almost) anywhere into your analysis
  • Centralization – you can combine code, formatted text, and visuals in a single document
  • Flexible structure – it’s easy to add and remove sections as needed
  • Repeatable processes – you can save and run the same notebook on different inputs and/or criteria
  • Instant reporting – you can save a notebook as a PDF or HTML page

Screenshot of a sample Jupyter notebook process tree

Figure 2: A sample visualization of a process tree generated in a Jupyter notebook.

If you ever find yourself limited by your SIEM but don’t want to break into full-blown development mode, Jupyter notebooks could be what you’re looking for. You can read more about the benefits of using Jupyter in information security in this article.

Microsoft Sentinel includes a Jupyter notebooks feature that utilizes open APIs to power advanced investigations and hunting. Notebooks are also featured in several other Microsoft services such as Azure Data Studio and Azure Machine Learning. Google’s Colab and Amazon’s SageMaker also have a big following, making Jupyter notebooks a popular tool with broad support and a variety of use cases.

We’re looking forward to seeing you at InfoSec Jupyterthon 2021, December 2-3, 2021 from 10:00 AM to 8:00 PM Eastern Time. To attend, make sure to register for the event. You will get an email confirming your registration as well as additional information about the agenda, schedule, and workshop instructions.

To stay up to date on Microsoft’s latest security research and threat intelligence insights, make sure to read our blog.
