Practical MSTICPY Use - Rainbow Bridge to SIEM for Advanced Threat Hunting

Analyzing logs with a SIEM has become commonplace these days. Are you stuck with only the analysis your SIEM can do? Aren't you just looking at your dashboard? Data analysis should be free: uniquely conceived analytical logic, unrestricted collaboration with external tools, eccentric visualization, emphasis that is easy for readers to understand, and so on. On the other hand, conventional analyses may be easier and better suited to junior analysts and operators as routine work. Microsoft's msticpy is a great tool that can do both. Despite this, I rarely see msticpy users in APAC, especially in Japan! In this talk, I will introduce the mutual use of msticpy and SIEM, and emphasize the unique features of msticpy. After this talk, you will surely want to analyze freely using msticpy!