|
18 | 18 | ]
|
19 | 19 | },
|
20 | 20 | {
|
| 21 | + "attachments": {}, |
21 | 22 | "cell_type": "markdown",
|
22 | 23 | "id": "f45faebf-7265-44f7-b040-041425cb925f",
|
23 | 24 | "metadata": {},
|
24 | 25 | "source": [
|
25 | 26 | "## ArangoGraph Insights Platform and ArangoGraph Notebook server\n",
|
26 |
| - "The Cyber Threat Detection demo is an ArangoGraph Notebook that is designed to execute on the JupyterLab notebook server embedded in the ArangoGraph Insights Platform. To run this notebook, you need to have an account on ArangoGraph. If you do not have an account, you can sign up for a free account at http://cloud.arangodb.com \n", |
| 27 | + "The Cyber Threat Detection demo is an ArangoGraph Notebook designed to execute on the JupyterLab notebook server embedded in the ArangoGraph Insights Platform. To run this notebook, you need to have an account on ArangoGraph. If you do not have an account, you can sign up for a free account at https://cloud.arangodb.com \n", |
27 | 28 | "\n",
|
28 | 29 | "### ArangoGraph Deployment\n",
|
29 |
| - "Use an existing deployment or create a new one to use. Once you have a database deployment on ArangoGraph, naviage to the \"Data Science\" tab, and then deploy a notebook server. Upload this notebook into the notebook server and start testing the notebook.\n", |
| 30 | + "Use an existing deployment or create a new one to use. Once you have a database deployment on ArangoGraph, navigate to the \"Data Science\" tab and then deploy a notebook server. Upload this notebook into the notebook server and start testing the notebook.\n", |
30 | 31 | "\n",
|
31 | 32 | "### The Cyber Threat Detection Notebook\n",
|
32 |
| - "The notebook integrates seamlessly with the ArangoGraph ecosystem, automatically connecting to ArangoGraph services, including ArangoDB and the ArangoML platform services. This makes it much easier to leverage these resources without having to remember userId's, Passwords, and endpoint URL's. The ArangoDB Notebook also implements \"Magic\" commands that make it very easy to leverage ArangoGraph Services. The ArangoGraph Notebook also pre-installs python-arango and ArangoML connectors to PyG, DGL, CuGraph, as well as the FastGraphML library, so you can get started right away accessing data in ArangoDB to develop GraphML models using your favorite GraphML libraries with GPU's." |
| 33 | + "The notebook integrates seamlessly with the ArangoGraph ecosystem, automatically connecting to ArangoGraph services, including ArangoDB and the ArangoML platform services. This integration makes it much easier to leverage these resources without having to remember usernames, passwords, and endpoint URLs. The ArangoDB Notebook also implements \"Magic\" commands that make it very easy to leverage ArangoGraph Services. The ArangoGraph Notebook also pre-installs python-arango and ArangoML connectors to PyG, DGL, CuGraph, as well as the FastGraphML library, so you can get started right away accessing data in ArangoDB to develop GraphML models using your favorite GraphML libraries with GPU's." |
33 | 34 | ]
|
34 | 35 | },
|
35 | 36 | {
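Review bot: New line 33 still ends with "GPU's" although the same edit drops the apostrophe from "URLs", and it calls the product "ArangoDB Notebook" in one sentence and "ArangoGraph Notebook" in the next; use "GPUs" and one product name throughout. New line 27 also keeps a stray space before the "\n" that follows the URL.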
|
|
46 | 47 | "ArangoDB's graph database architecture is a powerful tool for analyzing and visualizing complex data related to cyber threats. This tutorial showcases ArangoGraph Insights Platform's capabilities in action to detect and understand these threats.\n",
|
47 | 48 | "\n",
|
48 | 49 | "### Cyber Knowledge Graph \n",
|
49 |
| - "The Cyber Knowledge Graph is the result of fusing together disparate data from network packet capture, email, and domain name registration information, to detect threats. The demonstration shows how to detect known threats and unknown threats\n", |
| 50 | + "The Cyber Knowledge Graph is the result of fusing together disparate data from network packet capture, email, and domain name registration information, to detect threats. The demonstration shows how to detect known threats and unknown threats\n", |
| 51 | + "\n", |
50 | 52 | "### Known Threat Detection\n",
|
51 |
| - "For known threat detection, we demonstration how you can use a simple graph query to detect Trickbot Intrusions. The resulting graph of the trickbot intrusion will show you what happened, and expanding the detection to the emails that caused the infection.\n", |
| 53 | + "For known threat detection, we demonstrate how to use a simple graph query to detect Trickbot Intrusions. The resulting graph of the Trickbot intrusion will show you what happened and expand the detection to the emails that caused the infection.\n", |
| 54 | + "\n", |
52 | 55 | "### Unknown Threat Detection\n",
|
53 |
| - "We use Graph Neural Networks (GNN's) to do anomaly detection on the network traffic. GNN's learn the network behavior around hosts and allow you to indentify uncommon behavior.\n", |
| 56 | + "We use Graph Neural Networks (GNNs) to do anomaly detection on the network traffic. GNNs learn the network behavior around hosts and allow you to identify uncommon behavior.\n", |
54 | 57 | "\n",
|
55 | 58 | "\n"
|
56 | 59 | ]
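Review bot: New line 50 reads the same as the line it replaces and still has no closing period after "unknown threats"; add it while the line is being touched. New line 53 writes "Trickbot" where the query heading at new line 252 writes "TrickBot"; pick one spelling for the whole notebook.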
|
|
72 | 75 | ]
|
73 | 76 | },
|
74 | 77 | {
|
| 78 | + "attachments": {}, |
75 | 79 | "cell_type": "markdown",
|
76 | 80 | "id": "6bc344d4-2c15-47dd-a752-32f1b870243e",
|
77 | 81 | "metadata": {},
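Review bot: The added "attachments": {} key on this markdown cell (new line 78) carries no content and recurs at new lines 21, 99, 120, 174, 200, 247 and 271, which looks like editor save output rather than an intended change. Consider stripping empty "attachments" keys before committing so the diff shows only the text edits.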
|
|
92 | 96 | ]
|
93 | 97 | },
|
94 | 98 | {
|
| 99 | + "attachments": {}, |
95 | 100 | "cell_type": "markdown",
|
96 | 101 | "id": "7405d5db-8825-48a1-be10-87bcf1b879dd",
|
97 | 102 | "metadata": {},
|
|
112 | 117 | ]
|
113 | 118 | },
|
114 | 119 | {
|
| 120 | + "attachments": {}, |
115 | 121 | "cell_type": "markdown",
|
116 | 122 | "id": "459a6cb6-bece-452a-b399-969aa09d23f2",
|
117 | 123 | "metadata": {},
|
|
144 | 150 | "from arango_datasets.datasets import Datasets\n",
|
145 | 151 | "from arango import ArangoClient\n",
|
146 | 152 | "\n",
|
147 |
| - "# Datasets requires a valid database object \n", |
148 |
| - "db = ArangoClient(hosts='http://localhost:8529').db(\"dbName\", username=\"root\", password=\"\")\n", |
149 |
| - "\n", |
| 153 | + "# _db refers the active database, this is set when calling `useDatabase`\n", |
150 | 154 | "datasets = Datasets(_db)\n",
|
151 | 155 | "\n",
|
152 | 156 | "# list available datasets\n",
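Review bot: With the explicit ArangoClient connection removed, `_db` at new line 154 exists only if `useDatabase` has already run, and nothing in the visible lines of this cell checks that, so a reader who runs the cell out of order gets a NameError. Name the earlier cell that sets it in the comment at new line 153, and correct the wording there to "_db refers to the active database". The ArangoClient import at new line 151 has no remaining use in the visible lines and can be dropped if the rest of the cell does not need it. Removing the root login with an empty password from the example is a good change.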
|
|
167 | 171 | ]
|
168 | 172 | },
|
169 | 173 | {
|
| 174 | + "attachments": {}, |
170 | 175 | "cell_type": "markdown",
|
171 | 176 | "id": "02307570-8077-4390-bdb9-038c6d8a56ce",
|
172 | 177 | "metadata": {
|
|
192 | 197 | ]
|
193 | 198 | },
|
194 | 199 | {
|
| 200 | + "attachments": {}, |
195 | 201 | "cell_type": "markdown",
|
196 | 202 | "id": "b5befbfe-936d-4027-a915-fc37b140af33",
|
197 | 203 | "metadata": {},
|
|
238 | 244 | ]
|
239 | 245 | },
|
240 | 246 | {
|
| 247 | + "attachments": {}, |
241 | 248 | "cell_type": "markdown",
|
242 | 249 | "id": "a5fa80dd-db1b-4ffe-a1fa-1cb64adc038a",
|
243 | 250 | "metadata": {},
|
244 | 251 | "source": [
|
245 | 252 | "### The following query searches the communication graph for the graph patterns characteristic of TrickBot intrusions\n",
|
246 |
| - "Run this in the ArangoDB query editor to see a graph visualization of TrickBot intrusion." |
| 253 | + "Run this query to see a graph visualization of TrickBot intrusion." |
247 | 254 | ]
|
248 | 255 | },
|
249 | 256 | {
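Review bot: New line 253 still promises "a graph visualization" but no longer says where it is rendered now that the query editor reference is gone; state whether the result appears in the notebook output or still requires the ArangoDB web interface. The phrase also needs an article: "of a TrickBot intrusion".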
|
|
261 | 268 | ]
|
262 | 269 | },
|
263 | 270 | {
|
| 271 | + "attachments": {}, |
264 | 272 | "cell_type": "markdown",
|
265 | 273 | "id": "318b1f99-757d-4926-a996-8fb54cfc7516",
|
266 | 274 | "metadata": {},
|
|
275 | 283 | "metadata": {},
|
276 | 284 | "outputs": [],
|
277 | 285 | "source": [
|
278 |
| - "%deleteDatabase ArangoCyber" |
| 286 | + "# Uncomment and run the following line to cleanup the database\n", |
| 287 | + "# %deleteDatabase ArangoCyber" |
279 | 288 | ]
|
280 | 289 | }
|
281 | 290 | ],
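Review bot: The comment at new line 286 says "cleanup the database", but the magic at new line 287 deletes the ArangoCyber database entirely; word it as "delete the ArangoCyber database" so the reader knows the effect before uncommenting. As a verb, "cleanup" should be "clean up" in any case.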
|
|