Abstract
Modern cyber security operations collect an enormous amount of logging and alerting data. While analysts have the ability to query and compute simple statistics and plots from their data, current analytical tools are too simple to admit deep understanding. To detect advanced and novel attacks, analysts turn to manual investigations. While commonplace, current investigations are time-consuming, intuition-based, and proving insufficient. Our hypothesis is that arming the analyst with easy-to-use data science tools will increase their work efficiency, provide them with the ability to resolve hypotheses with scientific inquiry of their data, and support their decisions with evidence over intuition. To this end, we present our work to build IDEAS (Interactive Data Exploration and Analysis System). We present three real-world use-cases that drive the system design from the algorithmic capabilities to the user interface. Finally, a modular and scalable software architecture is discussed along with plans for our pilot deployment with a security operation command.