Data Engineering for Cybersecurity

Download Chapter 4: Endpoint and Network Data

Look Inside!

When a cybersecurity incident occurs, how does anyone know? Data must leave workstations and servers, bounce across the network, and land in a central database before analysts can use it. This project-based book covers that complex space between an organization’s computers and the security analyst tasked with protecting them. The guidance is straightforward, and the focus is on streamlining the process of gathering, transforming, and storing cybersecurity data using free and open-source tools.

The author elaborates on core logging strategies, while also emphasizing the importance of standardizing data, using encryption to protect transmitted data, and creating “data pipelines” that support cybersecurity, data analytics, and automation needs alike. You’ll how to:

• Implement core logging strategies using free tools such as the Elastic stack
• Transform data to fit your needs, and configure your tools to send it back and forth 
• Secure your logging infrastructure by encrypting connections using TLS and SSH 
• Handle version control and backups with Git, and improve your efficiency with caching

By the end, you’ll know how to enrich your security data, protect it from unauthorized parties, and automate your workflow in the process – leaving more room for creative thinking.