Investigating cyber security incidents with Python.
Pandas can be used to normalize data from different log sources and analyze the resultant data. When dealing with large volumes of data, analysis becomes more complicated. This is because issues of storage and processing speed will arise. You may need to leverage the SIEM tool and cloud security tools in addition to your Python scripting ability.
Often you need to sanitize the log data and prepare it for analysis by removing clutter and unwanted text. Prepare your search criteria in the form of regular expressions or plain text patterns.
Sometimes you need to develop temporary listeners, pattern matching search rules which can trigger alarms for suspicious activity, also you can write simulation scripts that can mimic malware behavior to test and create defensive mechanisms.
The libraries in Python that are widely used in cybersecurity
Pandas
NumPy
NLTK
Scikit
Nmap
Twisted
Scapy
Beautiful soup
Cryptography library
YARA
Pymetasploit3
Mechanize
Socket
Requests
