6 Using fundamental statistical constructs


This chapter covers

  • Using fundamental statistical constructs to build security analytic capabilities
  • Applying statistical constructs for threat hunting
  • Using anomaly detection to uncover activities outside the norm
  • Uncovering malicious beaconing by using fundamental statistical constructs
  • Investigating endpoints using osquery

Now that we have conducted several expeditions, let’s explore how to harness the power of statistics in threat hunting. In this chapter, you will learn new skills that help you design and apply analytics using tools that can connect to your data store.

You are not expected to be a statistician to make good use of statistics, and you will not become one by finishing this chapter. You are a threat hunter who can understand statistics well enough to use them to uncover clues. You can read about specific topics in statistics, or work with a statistics expert if your direct or extended team (in-house or outsourced) has the required knowledge and expertise.

In this chapter, we borrow fundamental statistical concepts such as standard deviation, which are powerful when properly designed and deployed, and use them to uncover threats. By the end of this chapter, you will have a good understanding of these concepts and know how to apply them in your threat-hunting expeditions.
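To make the idea concrete before the expedition begins, here is an added example (not code from the book or from any tool it uses) of the kind of analytic the chapter has in mind: taking the inter-connection intervals between a source host and a destination, computing their mean and standard deviation, and flagging flows whose intervals are suspiciously regular. The connection records, the thresholds (`min_connections`, `max_cv`) and the IP addresses are constructed for illustration and are assumptions, not values from the book.

```python
"""Beaconing-candidate detection from connection logs via interval statistics.

Added example. A beaconing implant checks in at a fixed interval (plus some jitter),
so the standard deviation of its inter-connection intervals is small relative to the
mean. Human-driven traffic produces irregular intervals. The ratio stdev/mean
(coefficient of variation, CV) lets us compare flows with different periods.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log: (timestamp_seconds, src_ip, dst_ip, dst_port).
SAMPLE_CONNECTIONS = (
    # 10.0.0.5 -> 203.0.113.10:443 roughly every 60 s with a little jitter (beacon-like)
    [(t, "10.0.0.5", "203.0.113.10", 443)
     for t in (0, 61, 119, 180, 241, 299, 360, 421, 479, 540)]
    # 10.0.0.7 -> 198.51.100.20:443 at irregular, human-driven times
    + [(t, "10.0.0.7", "198.51.100.20", 443)
       for t in (5, 12, 90, 95, 400, 404, 1010, 1300, 1305, 2200)]
    # 10.0.0.9 -> 192.0.2.30:80 only twice: too few samples to judge regularity
    + [(10, "10.0.0.9", "192.0.2.30", 80), (70, "10.0.0.9", "192.0.2.30", 80)]
)


def interval_stats(connections):
    """Group connections by (src, dst, port) and compute inter-connection interval statistics.

    Returns {(src, dst, port): {"count", "mean_interval", "stdev_interval", "cv"}}.
    Flows with a single connection have no interval and are skipped.
    """
    times = defaultdict(list)
    for ts, src, dst, port in connections:
        times[(src, dst, port)].append(ts)

    stats = {}
    for key, ts_list in times.items():
        ts_list.sort()
        intervals = [later - earlier for earlier, later in zip(ts_list, ts_list[1:])]
        if not intervals:
            continue
        m = mean(intervals)
        sd = pstdev(intervals)  # population stdev: we describe the observed intervals
        stats[key] = {
            "count": len(ts_list),
            "mean_interval": m,
            "stdev_interval": sd,
            "cv": sd / m if m > 0 else float("inf"),
        }
    return stats


def find_beaconing_candidates(connections, min_connections=8, max_cv=0.15):
    """Return flows whose intervals are regular (low CV) over enough samples.

    min_connections guards against flagging a flow on two or three events, where the
    standard deviation is meaningless; max_cv is the jitter we tolerate (assumed value).
    """
    candidates = []
    for key, s in interval_stats(connections).items():
        if s["count"] >= min_connections and s["cv"] <= max_cv:
            candidates.append((key, s))
    return candidates


if __name__ == "__main__":
    for (src, dst, port), s in find_beaconing_candidates(SAMPLE_CONNECTIONS):
        print(f"{src} -> {dst}:{port}: {s['count']} connections, "
              f"mean interval {s['mean_interval']:.1f}s, stdev {s['stdev_interval']:.2f}s, "
              f"CV {s['cv']:.3f}")
```

Only the first flow is flagged: its intervals average 60 s with a standard deviation of about 1.4 s (CV near 0.02), while the irregular flow has a CV well above 1 and the two-connection flow is excluded by the sample-count guard even though its single interval trivially has zero deviation. In a real hunt the same computation runs over days of proxy, firewall or DNS logs, and the thresholds are tuned against the environment's baseline rather than fixed in code.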

6.1 Hunt for compromised systems beaconing to command and control

6.1.1 Scenario: Searching for malicious beaconing

6.1.2 Data sources

6.1.3 Running statistical analysis work

6.1.4 Osquery

6.1.5 Hunting expedition: Searching for beaconing

6.2 Exercises

6.3 Answers to exercises

Summary