Tech tip: Invoke a system command in R, (Fri, Jul 31st)

SANS Internet Storm Center, Security Alerts
Jul 30 2015
 

I spend a lot of time using R, the programming language and software environment for statistical computing and graphics. It's incredibly useful for visualization and analysis; consider Data-Driven Security as a great starting point and reference, along with this article, if you're further interested.

One of my recent discoveries is system, which invokes a system command. With system, in two lines I can call Log Parser, pull the Windows security event log, write it to CSV, and create a data frame out of it that I can then do any number of other cool things with. Note: to pull the Windows security event log you need to be running with elevated privilege and need to run R as admin for this example scenario.

In short:

Set a working directory: setwd("D:/coding/R/EventVizWork")
Call Log Parser with system: system('logparser "Select * into security.csv from Security -i:evt -o:csv"')

Statistics:
-----------
Elements processed: 112155
Elements output: 112155
Execution time: 26.80 seconds

Read the results into a data frame: secevtlog <- read.csv("security.csv")
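
A more defensive version of the three steps above, as an added example that is not code from the original diary: it calls Log Parser through system2() with an argument vector instead of a single shell string, stops on a non-zero exit status, and then counts events per ID. The function name pull_security_log and the sample rows are constructed for illustration, and the column names assume Log Parser's EVT input format.

```r
# Constructed sample rows, used only when Log Parser is not on PATH
# (for example when trying this on a non-Windows machine).
sample_csv <- "EventLog,RecordNumber,TimeGenerated,EventID,EventTypeName
Security,101,2015-07-30 08:00:01,4624,Success Audit event
Security,102,2015-07-30 08:00:07,4625,Failure Audit event
Security,103,2015-07-30 08:00:09,4625,Failure Audit event
Security,104,2015-07-30 08:01:15,4672,Success Audit event"

# Hypothetical helper: export the Security log to CSV and load it.
pull_security_log <- function(out_csv = "security.csv") {
  exe <- unname(Sys.which("logparser"))
  if (!nzchar(exe)) return(NULL)            # Log Parser not installed

  # Keep the output name to a plain file name so nothing unexpected
  # ends up inside the query text.
  stopifnot(grepl("^[A-Za-z0-9_.-]+$", out_csv))
  query <- sprintf("SELECT * INTO %s FROM Security", out_csv)

  # system2() takes the arguments as a vector; the query is quoted once
  # for the Windows command line instead of being pasted into a string.
  status <- system2(exe, c(shQuote(query, type = "cmd"), "-i:evt", "-o:csv"))
  if (status != 0 || !file.exists(out_csv)) {
    stop("Log Parser failed (exit status ", status,
         "); is R running with elevated privilege?")
  }
  read.csv(out_csv, stringsAsFactors = FALSE)
}

secevtlog <- pull_security_log()
if (is.null(secevtlog)) {
  secevtlog <- read.csv(text = sample_csv, stringsAsFactors = FALSE)
}

# First look at the data frame: event counts per EventID, busiest first.
event_counts <- sort(table(secevtlog$EventID), decreasing = TRUE)
print(head(event_counts, 10))
```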

Tomorrow I ... | @holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Thursday, July 30th 2015 http://isc.sans.edu/podcastdetail.html?id=4591, (Thu, Jul 30th)

Jul 29 2015
 