Anomaly Detection

AI & ML for Threat Detection Lab

AI & ML for Threat Detection Lab Overview In this lab, you’ll apply machine learning techniques to detect anomalies in log data—mimicking how AI supports SOC teams. You’ll use Python tools such as scikit-learn or PyCaret to train unsupervised models and compare results to traditional rule-based detection. Lab Instructions 1. Setting Up Your Environment You will need: Python 3.9+ Jupyter Notebook or Google Colab Install required libraries: pip install pandas matplotlib seaborn scikit-learn pycaret Download a sample log dataset (or use the instructor-provided logs). Suggested sources: ...

Threat Hunting & Anomaly Detection Lab

Threat Hunting & Anomaly Detection Lab Overview Threat hunting is a proactive cybersecurity approach that involves identifying potential security threats before they cause harm. This lab introduces students to threat hunting techniques, anomaly detection strategies, and behavioral analysis methods to detect advanced threats that evade traditional security tools. Lab Instructions 1. Setting Up Your Environment You will need: A SIEM platform (Splunk, Wazuh, or ELK Stack) Access to MITRE ATT&CK, VirusTotal, and AlienVault OTX A dataset containing logs from a simulated network breach (provided by instructor) Install required tools (if using Wazuh on Debian-based OS) sudo apt update && sudo apt install wazuh-agent 2. Collecting Security Data for Threat Hunting Threat hunters use logs from multiple sources, including: ...