I hereby claim:
- I am holisticinfosec on github.
- I am holisticinfosec (https://keybase.io/holisticinfosec) on keybase.
- I have a public key ASAc1t0PISb-ZngqpjZbc97zLn6ThDLJZjGdRHLt6l3QCgo
To claim this, I am signing this object:
Russ McRee holisticinfosec
holisticinfosec
/ Server_Logon_Counts.R
Last active
June 3, 2018 21:56
Server Logon Counts - Anomalize
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Created from Anomalize project, Matt Dancho | |
| # https://github.com/business-science/anomalize | |
| library(tidyverse) | |
| library(anomalize) | |
| security_access_logs %>% | |
| ggplot(aes(date, count)) + | |
| geom_point(color = "#2c3e50", alpha = 0.25) + | |
| facet_wrap(~ server, scale = "free_y", ncol = 3) + | |
| theme_minimal() + | |
| theme(axis.text.x = element_text(angle = 30, hjust = 1)) + |
holisticinfosec
/ Security_Event_Log_Anomalies.R
Last active
June 3, 2018 21:54
Security Event Log Anomalies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Created from Anomalize project, Matt Dancho | |
| # https://github.com/business-science/anomalize | |
| security_access_logs %>% | |
| # Data Manipulation / Anomaly Detection | |
| time_decompose(count, method = "stl") %>% | |
| anomalize(remainder, method = "iqr") %>% | |
| time_recompose() %>% | |
| # Anomaly Visualization | |
| plot_anomalies(time_recomposed = TRUE, ncol = 3, alpha_dots = 0.25) + | |
| labs(title = "Security Event Log Anomalies", subtitle = "STL + IQR Methods") |
NewerOlder