Python Adventures – 02

The noob in me means I should read the instructions first; the engineer in me says I can figure it out, I don’t need no stinking instructions! How quickly I forget the last time I attempted this method with Ikea kitchen cabinets, um... Moving swiftly along: I fixed my Windows RStudio installation issues. I had this strange assumption that RStudio would come with R, similar to how Visual Studio comes with C#. Assumptions and IT rarely work out well.

R goes hand in hand with Python if you want metrics that go beyond averages, such as a normal distribution or standard deviation. If you want to crunch juicy, more advanced numbers, R is the way to go. I’m new to R and I know just enough statistics to be slightly mathematically dangerous :)

Remember, numbers are your friend: they justify the return on IT Security investment, i.e. your paycheck.

To download R, go to the CRAN project page and choose a nearby mirror for the newest package, which is R-3.1.1 for Windows 32/64. Although the title of the package screams security vulnerabilities, my version was patched to 2014-08-18, the day I downloaded it. Once R is downloaded and installed, RStudio can be installed and it works straight away on Windows.

Let’s say I have 5 assets and I want to put them in a data frame with vulnerability counts:

#R data frame example similar to Data-Driven Security Listing 2-1
#create a new data frame of 5 IT and OT assets and vulnerability counts
assets.df <- data.frame(
  name=c("ControlRoom-PC001","PLC-002","RTU-003","DCS-004","FilePrint-SVR005"),
  os=c("WinXP","Fatek","GE_D20MX","DLink_DCS-2000","W2K8"),
  highvulns=c(25,5,12,6,0))

#review the data frame structure & content
str(assets.df)
#review assets as now added in
head(assets.df)
#shows a sample or slice of the available operating systems input
head(assets.df$os)
#Addition of a new column with IP address information & new column
assets.df$ip <- c("10.10.1.2","10.10.2.2","10.10.3.3",
                  "10.10.2.4", "10.10.4.5")
#Display assets only with greater than 10 high vulnerabilities & new column
head(assets.df[assets.df$highvulns>10,])
#Categorize assets in zones and add a new column
assets.df$zones <- ifelse(grepl("^10.10.2",assets.df$ip),"Zone1","Zone2")
#final inspection of code input
head(assets.df)

 

If all goes well, your run output will look like this:

> #R data frame example similar to Data-Driven Security Listing 2-1
> #create a new data frame of 5 IT and OT assets and vulnerability counts
> assets.df <- data.frame(
+   name=c("ControlRoom-PC001","PLC-002","RTU-003","DCS-004","FilePrint-SVR005"),
+   os=c("WinXP","Fatek","GE_D20MX","DLink_DCS-2000","W2K8"),
+   highvulns=c(25,5,12,6,0))
> 
> #review the data frame structure & content
> str(assets.df)
'data.frame':    5 obs. of  3 variables:
 $ name     : Factor w/ 5 levels "ControlRoom-PC001",..: 1 4 5 2 3
 $ os       : Factor w/ 5 levels "DLink_DCS-2000",..: 5 2 3 1 4
 $ highvulns: num  25 5 12 6 0
> #review assets as now added in
> head(assets.df)
               name             os highvulns
1 ControlRoom-PC001          WinXP        25
2           PLC-002          Fatek         5
3           RTU-003       GE_D20MX        12
4           DCS-004 DLink_DCS-2000         6
5  FilePrint-SVR005           W2K8         0
> #shows a sample or slice of the available operating systems input
> head(assets.df$os)
[1] WinXP          Fatek          GE_D20MX       DLink_DCS-2000 W2K8          
Levels: DLink_DCS-2000 Fatek GE_D20MX W2K8 WinXP
> #Addition of a new column with IP address information & new column
> assets.df$ip <- c("10.10.1.2","10.10.2.2","10.10.3.3",
+                   "10.10.2.4", "10.10.4.5") 
> #Display assets only with greater than 10 high vulnerabilities & new column
> head(assets.df[assets.df$highvulns>10,])
               name       os highvulns        ip
1 ControlRoom-PC001    WinXP        25 10.10.1.2
3           RTU-003 GE_D20MX        12 10.10.3.3
> #Categorize assets in zones and add a new column
> assets.df$zones <- ifelse(grepl("^10.10.2",assets.df$ip),"Zone1","Zone2")
> #final inspection of code input
> head(assets.df)
               name             os highvulns        ip zones
1 ControlRoom-PC001          WinXP        25 10.10.1.2 Zone2
2           PLC-002          Fatek         5 10.10.2.2 Zone1
3           RTU-003       GE_D20MX        12 10.10.3.3 Zone2
4           DCS-004 DLink_DCS-2000         6 10.10.2.4 Zone1
5  FilePrint-SVR005           W2K8         0 10.10.4.5 Zone2
>
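
The zone rule above uses the pattern ^10.10.2, where each dot matches any character and nothing closes the third octet, so an address such as 10.10.20.7 would also be filed under Zone1. The following is an added example, not code from the original post or from the book: it compares that pattern with an anchored one and with a numeric subnet test on constructed addresses. The helper names ip_to_num and in_cidr, the 10.10.2.0/24 boundary and the sample IPs are assumptions made for illustration.

```r
# Added example: zone assignment by subnet membership instead of a loose regex.
# All addresses below are constructed sample data.

# Convert dotted-quad strings to numbers; malformed input becomes NA.
ip_to_num <- function(ip) {
  octets <- strsplit(ip, ".", fixed = TRUE)
  vapply(octets, function(o) {
    o <- suppressWarnings(as.numeric(o))
    if (length(o) != 4 || anyNA(o) || any(o < 0 | o > 255 | o != floor(o))) {
      return(NA_real_)
    }
    sum(o * 256^(3:0))
  }, numeric(1))
}

# TRUE when ip falls inside cidr (e.g. "10.10.2.0/24"), NA for malformed ip.
# Plain numeric arithmetic is used because R integers are 32-bit signed.
in_cidr <- function(ip, cidr) {
  parts <- strsplit(cidr, "/", fixed = TRUE)[[1]]
  shift <- 2^(32 - as.integer(parts[2]))
  floor(ip_to_num(ip) / shift) == floor(ip_to_num(parts[1]) / shift)
}

ips <- c("10.10.2.2", "10.10.2.4", "10.10.20.7",
         "10.10.255.1", "10.10.1.2", "not-an-ip")

check.df <- data.frame(
  ip       = ips,
  loose    = grepl("^10.10.2", ips),          # pattern used in the listing
  anchored = grepl("^10\\.10\\.2\\.", ips),   # escaped dots, octet closed
  cidr     = in_cidr(ips, "10.10.2.0/24"),    # numeric subnet test
  stringsAsFactors = FALSE)

# Unparseable addresses get their own label rather than defaulting to Zone2.
check.df$zones <- ifelse(is.na(check.df$cidr), "Unknown",
                         ifelse(check.df$cidr, "Zone1", "Zone2"))

# Rows where the loose pattern disagrees with the subnet test.
print(check.df)
print(check.df[!is.na(check.df$cidr) & check.df$loose != check.df$cidr, ])
```

On the five assets in the listing, all three methods agree; the difference only appears once the inventory contains subnets such as 10.10.20.x or 10.10.2xx.x.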
