Cyber Security Incident Investigation using Graphistry
Provider: Databricks. Indexed 2024-05-09.
Download link:
https://marketplace.databricks.com/details/a548beee-8ce1-436a-8b08-91f31a04cdc6/Databricks_Cyber-Security-Incident-Investigation-using-Graphistry
Description:
**Use Cases**
In this solution accelerator, we showcase how SOC analysts, incident responders and threat hunters can use Databricks to:
- Investigate an incident or alert to determine whether it is a true positive or a false positive. If it is a true positive, determine the hosts and users impacted so that remediation steps can be taken.
- Investigate leads from a threat hunting exercise.
- Hunt for threats given a piece of threat intelligence or a news release.
**Technical Overview**
- Leverage any cybersecurity data in the lakehouse without transforming the data into a graph data model at ingestion time.
- Dynamically run a query to filter the data and convert it to a graph data model at analysis time. This flexibility allows the analyst to tweak the graph data model at will during analysis.
- Send the resulting data frames (nodes and edges) to Graphistry for visualization.
- Perform investigation and analysis in the Graphistry UI without writing any code.
Click on the "Get instant access" button in the top right corner to clone the solution accelerator repo into your workspace. Once the repo is cloned into your workspace, please execute the **RUNME** notebook in the repo in order to create the cluster and job you can use to run the notebooks.
Provider:
Databricks