Cybersecurity knowledge · ~30 mins

Detection and analysis phase in Cybersecurity - Mini Project: Build & Apply

Understanding the Detection and Analysis Phase in Cybersecurity
📖 Scenario: You are part of a cybersecurity team responsible for protecting a company's computer systems. Your team needs to understand how to detect and analyze potential security threats effectively.
🎯 Goal: Build a simple step-by-step outline that shows how to set up data, configure detection parameters, analyze alerts, and complete the detection and analysis phase in cybersecurity.
📋 What You'll Learn
Create a list of common cybersecurity alerts
Set a threshold for alert severity
Filter alerts based on severity
Summarize the filtered alerts for reporting
💡 Why This Matters
🌍 Real World
Cybersecurity teams use detection and analysis to identify and prioritize threats quickly, helping protect systems from attacks.
💼 Career
Understanding how to organize, filter, and analyze security alerts is essential for roles like security analyst, incident responder, and cybersecurity engineer.
1
DATA SETUP: Create a list of cybersecurity alerts
Create a list called alerts with these exact entries: {'id': 101, 'type': 'malware', 'severity': 7}, {'id': 102, 'type': 'phishing', 'severity': 5}, {'id': 103, 'type': 'ransomware', 'severity': 9}, {'id': 104, 'type': 'spyware', 'severity': 4}, and {'id': 105, 'type': 'trojan', 'severity': 6}.
Hint: Use a list with dictionaries inside to represent each alert with its id, type, and severity.

2
CONFIGURATION: Set the severity threshold
Create a variable called severity_threshold and set it to the integer 6 to filter alerts with severity 6 or higher.
Hint: Just assign the number 6 to the variable named severity_threshold.

3
CORE LOGIC: Filter alerts by severity
Create a new list called high_severity_alerts that includes only the alerts from alerts where the severity is greater than or equal to severity_threshold.
Hint: Use a list comprehension to select alerts where severity is at least the threshold.

4
COMPLETION: Summarize filtered alerts
Create a dictionary called alert_summary with two keys: 'count' set to the number of alerts in high_severity_alerts, and 'types' set to a list of the type values from each alert in high_severity_alerts.
Hint: Use len() to count alerts and a list comprehension to get their types.
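The four steps above wired together as a worked example (added here, not part of the original exercise): the alert list, threshold, filter and summary are the exercise's own values, and the extra `prioritize()` helper, which orders kept alerts so the most severe is reported first, is an assumption that goes beyond what the steps ask for.

```python
# Added example: the mini project's four steps as checkable functions.

# Step 1 - DATA SETUP: the exact alert list from the exercise.
alerts = [
    {'id': 101, 'type': 'malware', 'severity': 7},
    {'id': 102, 'type': 'phishing', 'severity': 5},
    {'id': 103, 'type': 'ransomware', 'severity': 9},
    {'id': 104, 'type': 'spyware', 'severity': 4},
    {'id': 105, 'type': 'trojan', 'severity': 6},
]

# Step 2 - CONFIGURATION: severity 6 or higher counts as high severity.
severity_threshold = 6


def filter_by_severity(alert_list, threshold):
    """Step 3 - CORE LOGIC: keep alerts whose severity is >= threshold,
    preserving the original order."""
    return [a for a in alert_list if a['severity'] >= threshold]


def summarize(high_alerts):
    """Step 4 - COMPLETION: count the kept alerts and list their types."""
    return {
        'count': len(high_alerts),
        'types': [a['type'] for a in high_alerts],
    }


def prioritize(high_alerts):
    """Hypothetical addition beyond the exercise: order the kept alerts by
    severity, highest first, so an analyst sees the worst alert at the top."""
    return sorted(high_alerts, key=lambda a: a['severity'], reverse=True)


# Run the steps in order, exactly as the exercise names the results.
high_severity_alerts = filter_by_severity(alerts, severity_threshold)
alert_summary = summarize(high_severity_alerts)

if __name__ == '__main__':
    print(alert_summary)
    for alert in prioritize(high_severity_alerts):
        print(alert['id'], alert['type'], alert['severity'])
```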