This document aims to explain the motivations for the LoRD security process. It does
not attempt to describe every detail of the process in depth, but it explains the key
points and should let me spot any obvious mistakes ahead of time.
It aims to answer not only how we are going to apply the process, but also why we are
applying it, what it will be used for, and who will be using it.
Definitions
Incident Response
Logs and event data are the primary evidence in any incident response analysis; they are
what an analyst correlates to reconstruct in detail what happened.
LoRD: Load, Reshape & Detect by Leonardo Carlos Armesto is licensed under CC BY 4.0
Architecture
Load process
The first challenge is obtaining data from the data stores (application logs, databases,
etc.); this data is buffered temporarily in separate dataframes.
Based on what those dataframes contain, the second challenge is obtaining reliable data
from online threat research and intelligence services, which is buffered in further
dataframes.
Reshape process
As the data arrives in multiple formats and structures, it needs to be converted or
flattened into a tabular form and again buffered in dataframes.
Detect process
Finally, the dataframes are merged/joined so that the resulting combined dataframe
contains every event tagged with the threat indicators that matched it; this combined
dataframe is the input for threat reports and for alerting.
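The three steps above, Load, Reshape and Detect, as one end-to-end worked example. This is an added illustration, not code from the LoRD project: the log lines and the indicator feed are constructed sample data, the "dataframes" are plain Python lists of rows so that it runs with the standard library only, and the column names (src.ip, http.host, ...) and the indicator types (ipv4, domain) are assumptions chosen for the example.

```python
import json
from typing import Any, Dict, Iterable, List

Row = Dict[str, Any]   # one row of a table
Frame = List[Row]      # a "dataframe": here a list of rows sharing the same columns

# Constructed sample input (not real data): one log source emits nested JSON objects,
# another emits flat key=value lines, so the loader has to cope with both shapes.
RAW_LOG_LINES = [
    '{"ts": "2024-01-01T10:00:00Z", "src": {"ip": "203.0.113.5", "port": 51234},'
    ' "http": {"host": "app.example", "path": "/login", "status": 401}}',
    '{"ts": "2024-01-01T10:00:05Z", "src": {"ip": "198.51.100.7", "port": 40000},'
    ' "http": {"host": "app.example", "path": "/", "status": 200}}',
    "ts=2024-01-01T10:00:09Z src.ip=203.0.113.5 src.port=51235 http.host=app.example http.path=/admin http.status=403",
    "ts=2024-01-01T10:00:12Z src.ip=192.0.2.9 src.port=22222 http.host=EVIL.example. http.path=/c2 http.status=200",
]

# Constructed indicator feed, standing in for the response of an online intelligence service.
RAW_INTEL = {
    "indicators": [
        {"type": "ipv4", "value": "203.0.113.5", "tags": ["bruteforce"], "confidence": 80},
        {"type": "domain", "value": "evil.example", "tags": ["c2"], "confidence": 95},
        {"type": "ipv4", "value": "10.0.0.1", "tags": ["scanner"], "confidence": 20},
        {"type": "md5", "value": 12345},   # malformed entry: must be skipped, not crash the run
    ]
}

# ---- Load -----------------------------------------------------------------
def parse_log_line(line: str) -> Row:
    """One log line -> one (possibly nested) record: a JSON object or key=value pairs."""
    line = line.strip()
    if line.startswith("{"):
        return json.loads(line)
    rec: Row = {}
    for token in line.split():
        key, _, value = token.partition("=")
        rec[key] = value
    return rec

def load_logs(lines: Iterable[str]) -> Frame:
    return [parse_log_line(line) for line in lines if line.strip()]

def load_intel(feed: Dict[str, Any]) -> Frame:
    """Indicator feed -> frame of {type, value, tags, confidence}; malformed entries are dropped."""
    frame: Frame = []
    for ioc in feed.get("indicators", []):
        if ioc.get("type") not in ("ipv4", "domain") or not isinstance(ioc.get("value"), str):
            continue
        frame.append({"type": ioc["type"], "value": ioc["value"],
                      "tags": list(ioc.get("tags", [])), "confidence": int(ioc.get("confidence", 0))})
    return frame

# ---- Reshape --------------------------------------------------------------
def flatten(rec: Row, prefix: str = "") -> Row:
    """Nested dict -> flat dict with dotted columns: {"src": {"ip": x}} -> {"src.ip": x}."""
    flat: Row = {}
    for key, value in rec.items():
        name = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        else:
            flat[name] = value
    return flat

def reshape(frame: Frame, int_columns: Iterable[str] = ("src.port", "http.status")) -> Frame:
    """Flatten every record and give all rows the same columns (missing -> None)."""
    flat = [flatten(rec) for rec in frame]
    columns = sorted({col for rec in flat for col in rec})
    out: Frame = []
    for rec in flat:
        row = {col: rec.get(col) for col in columns}
        for col in int_columns:            # key=value lines yield strings, JSON yields ints
            try:
                row[col] = int(row[col])
            except (TypeError, ValueError):
                pass                       # leave missing or non-numeric values untouched
        out.append(row)
    return out

# ---- Detect ---------------------------------------------------------------
def norm(value: Any) -> Any:
    """Join-key normalisation: case or a trailing dot must not hide a matching indicator."""
    return value.strip().lower().rstrip(".") if isinstance(value, str) else value

def inner_join(left: Frame, right: Frame, left_key: str, right_key: str) -> Frame:
    """Inner join: each left row paired with every right row whose key matches."""
    index: Dict[Any, Frame] = {}
    for r in right:
        index.setdefault(norm(r[right_key]), []).append(r)
    joined: Frame = []
    for l in left:
        for r in index.get(norm(l.get(left_key)), []):
            joined.append({**l, **{"ioc." + k: v for k, v in r.items()}})
    return joined

JOIN_KEYS = {"ipv4": "src.ip", "domain": "http.host"}   # indicator type -> event column

def detect(events: Frame, intel: Frame, min_confidence: int = 50) -> Frame:
    """Tag events with the indicators they match; low-confidence indicators are ignored."""
    hits: Frame = []
    for ioc_type, column in JOIN_KEYS.items():
        subset = [i for i in intel if i["type"] == ioc_type and i["confidence"] >= min_confidence]
        hits.extend(inner_join(events, subset, column, "value"))
    hits.sort(key=lambda r: (r["ts"], r["ioc.value"]))   # deterministic report order
    return hits

def run_pipeline(log_lines: Iterable[str], intel_feed: Dict[str, Any], min_confidence: int = 50) -> Frame:
    events = reshape(load_logs(log_lines))        # Load + Reshape
    intel = load_intel(intel_feed)                # Load
    return detect(events, intel, min_confidence)  # Detect

if __name__ == "__main__":
    for hit in run_pipeline(RAW_LOG_LINES, RAW_INTEL):
        print(hit["ts"], hit["src.ip"], hit["http.host"], hit["ioc.type"], hit["ioc.tags"])
```

Two details matter more than the size of this toy: the join keys are normalised (case, trailing dot) before matching, because an indicator feed and a log source rarely agree on formatting, and indicators below a confidence threshold are excluded from the join, since every low-quality indicator that is merged becomes an alert somebody has to triage. With a real dataframe library the same steps are a JSON normalisation into columns followed by an inner merge on the indicator column.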