This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity  #ndcconferences  #security  #developer   #softwaredeveloper    

Attend the next NDC conference near you: 
https://ndcconferences.com
https://ndc-security.com/

Subscribe to our YouTube channel and learn every day:      

Follow our Social Media!

https://www.facebook.com/ndcconferences
https://twitter.com/NDC_Conferences
https://www.instagram.com/ndc_conferences

#ai #machinelearning 

Security analysts often start with a query to retrieve security event logs, but this is only the first step. The real work happens after the results come back: more filtering, counting, grouping, and visualizing patterns in the data. It is difficult for an LLM to replicate these data-analysis steps by simply processing raw log data. One way to support this is by letting an AI agent load the results as a DataFrame and run the post-query analysis inside a Jupyter notebook. This gives the agent a space to explore the data the same way an analyst would, but with clear, repeatable steps.

In this talk, I will show how an AI agent can run Python code, add markdown, and work through security datasets inside a live Jupyter notebook. I will walk through open-source tools that make it easy to connect to data sources and support this workflow. We will see how analysts can watch the agent’s reasoning, review the notebook as it builds, and reuse the steps for new playbooks. This approach enables deeper analysis, cleaner visuals, and faster iteration while keeping humans in control. It also gives analysts a simple way to test and understand how agentic workflows can support their existing investigation process.

NDC Conferences

A conference talk by Roberto Rodriguez demonstrating how to use AI agents with Jupyter notebooks for security data analysis. The core idea is the 'code act' pattern: instead of passing raw data directly to an LLM, agents write and execute Python code in a Jupyter kernel to process and analyze data, then pass only summaries and metadata back to the LLM. Two open-source Python packages are released: a Jupyter toolkit MCP server that exposes notebook/kernel tools to agents, and an agent data toolkit with PostgreSQL wrappers. The talk also covers connecting agents to real databases, using progressive disclosure via AI agent skills (skill.md files) to structure autonomous workflows, and a live demo analyzing 4,000 rows of Microsoft Defender XDR events to identify a brute-force RDP attack pattern.

AI Agents and Jupyter Notebooks for Security Data Analysis - Roberto Rodriguez