Analytics and Incident Response

This chapter focuses on the analysis of data so that you have the skillset to analyze the large volume of most organizations already collect. We cover the use of open-source tools, such as Hadoop, MapReduce, R, and Mahout, so that you have a solid foundation for understanding the analytical process on any platform. Specifically, we demonstrate the power of these tools by applying them to a typical security scenario—analyzing very large collections of server log files. The tools and methods can be applied to the analysis of data from other systems sources as well.