Security Analytics on Incidents logged and resolved
Aankur Bhatia
Report generated on 2015-01-21
The analysis and charts have been prepared using Data Science and R Statistical programming language.
The data for this report has been obtained from ‘SIEM’ dataset and the location of the file is:
C:/Users/IBM_ADMIN/Desktop/Datasets
1. Data Visualization by number of events, months, vendor, category and threat type
2. Total number of events occuring in 2014 (by Month)
3. Data Visualization of Time to log an incident
4. Data Visualization of Time to log events - separately by events occuring ‘ON’ and ‘OFF’ time
5. Total number of events occuring during ‘ON’ and ‘OFF’ time hours
6. Analysis of Mean time to log for events during ‘ON’ and ‘OFF’ time hours
7. Analysis of Mean time (in hours) to log events by Month
8. Analysis of Mean time to log event by Vendors
9. Multi dimensional analysis of ‘Time to Log’ by Category and Vendor
10. Analysis of Mean time (in hours) to Log Events by Vendor and ‘ON’/ ‘OFF’ time
11. Data visualization of Time to Resolution by Month, Vendor, Category,Result and Number of Events
12. Analysis and Plot of total number of Incidents reported and resolved by Month
13. Boxplot analysis of Time to Resolve events by Months
14. Error Bars analysis of Mean Time to Resolve Incidents by categories
15. Analysis by Frequency Histogram of the total Time to Resolution by Vendor
16. Scatter plot analysis of Time to Log vs Time to Resolve
17. Analysis of Events Open and un-Resolved by Categories
The dataset contains 231 records and 36 variables
1. Data Visualization by number of events, months, vendor, category and threat type
2.Total number of events occuring in 2014 (by Month)
3. Data Visualization of Time to log an incident
4. Data Visualization of Time to log events - separately by events occuring ‘ON’ and ‘OFF’ time
5. Total number of events occuring during ‘ON’ and ‘OFF’ time hours
## event.time time.log
## 1 off time 43
## 2 Work time 1876. Analysis of Mean time to log for events during ‘ON’ and ‘OFF’ time hours
7. Analysis of Mean time (in hours) to log events by Month
8. Analysis of Mean time to log event by Vendors
## vendor time.log
## 1 ABC 25.48
## 2 DEF 2.51
## 3 GHI 8.87
## 4 JKL 6.979. Multi dimensional analysis of ‘Time to Log’ by Category and Vendor
## category vendor time.log
## 1 AOL ABC 0.93
## 2 Hacking ABC 47.40
## 3 Misc ABC 0.75
## 4 Anti-Virus DEF 0.02
## 5 AOL DEF 16.63
## 6 Hacking DEF 5.83
## 7 Malware DEF 1.65
## 8 Misc DEF 8.37
## 9 Privilige escalation DEF 3.82
## 10 Data Leakage GHI 13.77
## 11 ddos GHI 1.40
## 12 Hacking GHI 2.83
## 13 Malware GHI 28.89
## 14 Misc GHI 5.34
## 15 Privilige escalation GHI 12.33
## 16 Malware JKL 5.42
## 17 Misc JKL 8.5110. Analysis of Mean time (in hours) to Log Events by Vendor and ‘ON’/ ‘OFF’ time
11. Data visualization of Time to Resolution by Month, Vendor, Category,Result and Number of Events
12. Analysis and Plot of total number of Incidents reported and resolved by Month
## Month Incident.reported Incident.resolved
## 1 January 28 34
## 2 February 8 1
## 3 March 38 19
## 4 April 20 25
## 5 May 49 9
## 6 June 29 43
## 7 July 58 19
## 8 August 0 47
13. Boxplot analysis of Time to Resolve events by Months
## resolved.month time.resolve
## 1 January 301.45
## 2 March 667.64
## 3 April 63.39
## 4 May 136.73
## 5 June 182.35
## 6 July 213.70
## 7 August 56.99
14. Error Bars analysis of Mean Time to Resolve Incidents by categories
15. Analysis by Frequency Histogram of the total Time to Resolution by Vendor
16. Scatter plot analysis of Time to Log vs Time to Resolve
17. Analysis of Events Open and un-Resolved by Categories
## category vendor status
## 1 Malware DEF 12
## 2 Misc DEF 5
## 3 Privilige escalation DEF 2
## 4 Misc GHI 14