Wednesday
Room 2
13:40 - 14:40
(UTC+01)
Talk (60 min)
AI Agents and Jupyter Notebooks for Security Data Analysis
Security analysts often start with a query to retrieve security event logs, but this is only the first step. The real work happens after the results come back: more filtering, counting, grouping, and visualizing patterns in the data. It is difficult for an LLM to replicate these data-analysis steps by simply processing raw log data. One way to support this post-query work is to let an AI agent load the query results as a DataFrame and run the analysis inside a Jupyter notebook. This gives the agent a space to explore the data the same way an analyst would, but with clear, repeatable steps.
In this talk, I will show how an AI agent can run Python code, add markdown, and work through security datasets inside a live Jupyter notebook. I will walk through open-source tools that make it easy to connect to data sources and support this workflow. We will see how analysts can watch the agent’s reasoning, review the notebook as it builds, and reuse the steps for new playbooks. This approach enables deeper analysis, cleaner visuals, and faster iteration while keeping humans in control. It also gives analysts a simple way to test and understand how agentic workflows can support their existing investigation process.
