Week 2

3.2 Methods of transforming data

3.2.1 Methods of transforming data:

When organisations collect data, it is often raw and not immediately useful. To make it valuable, it must be transformed. The main methods are:

  • Manipulating

  • Analysing

  • Processing

Manipulating Data


Changing or reorganising data to make it more understandable or useful. This might include filtering, sorting, or combining data from different sources.

A college IT support team exports login data from the network. At first, it’s just thousands of rows of timestamps and usernames. By manipulating the data (sorting by user, filtering failed attempts), they quickly see which accounts have repeated login failures.

Splunk and Elastic (ELK Stack) are widely used in cybersecurity to manipulate and search through huge log files, making it easier to spot patterns of suspicious behaviour.

Analysing Data


Looking at data in depth to identify patterns, trends, or relationships. Analysing moves beyond just reorganising – it’s about making sense of the information.

After manipulating login records, the IT team analyses them and notices that 80% of failed logins happen between midnight and 3 a.m. This unusual pattern suggests a brute-force attack.

IBM Security QRadar analyses logs from multiple systems (firewalls, servers, apps) to detect cyber threats by identifying unusual traffic patterns.

Processing Data

Converting raw data into a different format or structure so it can be used by systems, applications, or people. Processing often involves automation.

A system collects sensor data from a server room (temperature, humidity). This raw data is processed into a dashboard that shows “green, amber, red” warnings. IT staff don’t need to read every number – the processed data tells them instantly if action is needed.

SIEM (Security Information and Event Management) tools like Azure Sentinel automatically process logs from thousands of endpoints and generate alerts for IT teams.
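The three methods applied in sequence to a login export like the one the IT support team handles, as an added example that is not part of the original course material. The usernames, log rows, day/month date format and the amber/red thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample export (username, timestamp, status); not real data.
RAW_LOG = [
    ("user_c", "02/09/2025 09:05:10", "Success"),
    ("user_a", "02/09/2025 00:15:12", "Failed"),
    ("user_b", "02/09/2025 14:30:00", "Failed"),
    ("user_a", "02/09/2025 00:15:40", "Failed"),
    ("user_a", "02/09/2025 01:02:03", "Failed"),
    ("user_b", "02/09/2025 14:30:25", "Success"),
    ("user_a", "02/09/2025 02:59:59", "Failed"),
]

def manipulate(rows):
    """Manipulating: parse timestamps, keep failed attempts, sort by user then time."""
    # Assumption: timestamps are day/month/year, 24-hour clock.
    parsed = [(u, datetime.strptime(t, "%d/%m/%Y %H:%M:%S"), s) for u, t, s in rows]
    failed = [r for r in parsed if r[2] == "Failed"]
    return sorted(failed, key=lambda r: (r[0], r[1]))

def analyse(failed_rows):
    """Analysing: failures per user and the share between midnight and 3 a.m."""
    per_user = Counter(u for u, _, _ in failed_rows)
    overnight = sum(1 for _, ts, _ in failed_rows if 0 <= ts.hour < 3)
    share = overnight / len(failed_rows) if failed_rows else 0.0
    return per_user, share

def process(rows, amber_at=1, red_at=3):
    """Processing: turn counts into a traffic-light status per user.
    The thresholds are illustrative assumptions, not values from the course page."""
    per_user, _ = analyse(manipulate(rows))
    status = {}
    for user in sorted({u for u, _, _ in rows}):
        n = per_user.get(user, 0)
        status[user] = "red" if n >= red_at else "amber" if n >= amber_at else "green"
    return status

if __name__ == "__main__":
    failed = manipulate(RAW_LOG)
    per_user, share = analyse(failed)
    print(f"{share:.0%} of failed logins were between 00:00 and 03:00")
    for user, colour in process(RAW_LOG).items():
        print(f"{user}: {per_user.get(user, 0)} failed -> {colour}")
```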

 

You are part of a college IT security team. Below is some raw login data:

+----------+---------------------+---------+
| Username | Timestamp           | Status  |
+----------+---------------------+---------+
| Alex01   | 02/09/2025 00:15:12 | Failed  |
+----------+---------------------+---------+
| Alex01   | 02/09/2025 00:15:12 | Failed  |
+----------+---------------------+---------+
| Alex01   | 02/09/2025 00:15:12 | Failed  |
+----------+---------------------+---------+
| Sam02    | 02/09/2025 00:15:12 | Success |
+----------+---------------------+---------+
| Mia03    | 02/09/2025 00:15:12 | Failed  |
+----------+---------------------+---------+
| Mia03    | 02/09/2025 00:15:12 | Failed  |
+----------+---------------------+---------+
| Mia03    | 02/09/2025 00:15:12 | Success |
+----------+---------------------+---------+


Task:
Manipulating:

Sort the data by username. What do you notice?

Analysing:
Which accounts show suspicious behaviour? Why?

Processing:
Imagine you are designing a dashboard. How would you present this data (e.g., traffic light system, charts, alerts)?

Extension:
Research one industry tool (Splunk, ELK Stack, QRadar, or Azure Sentinel).
Explain: Does it mainly manipulate, analyse, or process data – or all three?

Last Updated
2025-09-01 14:19:57
