Finding Bad Guys Using Math and Statistics

Using enrichment to turn low-value events into high-value events. Enrichment techniques are geoip, tld extraction, length, and entropy. I then demonstrate how to find anomalous stuff like: drive-by malware / malicious web browsing Command and Control (C2) Communications DNS tunneling Data Exfiltration