264.TEMPLES OF INDIA DATASET ANALYSIS USING PROC PRINT | PROC CONTENTS | PROC SORT | PROC FREQ | PROC MEANS | PROC SQL | PROC TABULATE | PROC REPORT | PROC TRANSPOSE | PROC FORMAT | PROC RANK | PROC SGPLOT | MACROS

on
0

177.SIMULATED CYBERSECURITY THREAT DETECTION DATASET WITH ATTACK PATTERN ANALYSIS | PROC SQL | PROC MACRO | PROC PRINT | INSERT INTO VALUES

on

SIMULATED CYBERSECURITY THREAT DETECTION DATASET WITH ATTACK PATTERN ANALYSIS | PROC SQL | PROC MACRO | PROC PRINT | INSERT INTO VALUES

 /*Creating a  fictional dataset cybersecurity monitoring system named "CyberSentinel"*/

/*Create Dataset using SQL*/

proc sql;

    create table threat_logs (

        Threat_ID char(5),

        Source_IP char(15),

        Target_IP char(15),

        Threat_Type char(20),

        Severity char(10),

        Detected_Date num,

        Action_Taken char(20),

        Protocol char(5),

        Port num,

        Detection_Tool char(20)

    );

quit;

Log:

NOTE: Table WORK.THREAT_LOGS created, with 0 rows and 10 columns

NOTE: PROCEDURE SQL used (Total process time):
      real time           0.01 seconds
      cpu time            0.01 seconds

/*Insert Sample Records (more than 10 rows)*/

proc sql;

    insert into threat_logs values

    ('T001','192.168.0.45','10.0.0.15','Malware','High',"01JAN2025:13:05"dt,'Quarantined','TCP',443,'SentinelAI');


    insert into threat_logs values

    ('T002','172.16.5.24','10.0.0.25','Phishing','Medium',"02JAN2025:09:12"dt,'Blocked','UDP',53,'EmailScanner');


    insert into threat_logs values

    ('T003','203.0.113.77','10.0.0.30','Ransomware','Critical',"03JAN2025:17:45"dt,'Isolated','TCP',445,'SentinelAI');


    insert into threat_logs values

    ('T004','198.51.100.23','10.0.0.22','Malware','High',"03JAN2025:12:30"dt,'Quarantined','TCP',80,'FirewallLog');


    insert into threat_logs values

    ('T005','192.0.2.44','10.0.0.18','Botnet','Low',"04JAN2025:02:20"dt,'Monitored','TCP',23,'ThreatIntelDB');


    insert into threat_logs values

    ('T006','172.31.255.9','10.0.0.40','Phishing','Medium',"05JAN2025:08:30"dt,'Blocked','UDP',25,'EmailScanner');


    insert into threat_logs values

    ('T007','203.0.113.1','10.0.0.14','DDoS','Critical',"05JAN2025:18:50"dt,'Throttled','UDP',80,'FirewallLog');


    insert into threat_logs values

    ('T008','198.18.0.101','10.0.0.17','Spyware','High',"06JAN2025:21:10"dt,'Quarantined','TCP',443,'SentinelAI');


    insert into threat_logs values

    ('T009','192.88.99.1','10.0.0.29','Trojan','High',"07JAN2025:07:25"dt,'Quarantined','TCP',8080,'SentinelAI');


    insert into threat_logs values

    ('T010','10.10.10.10','10.0.0.35','Phishing','Low',"08JAN2025:04:55"dt,'Blocked','UDP',110,'EmailScanner');


    insert into threat_logs values

    ('T011','192.168.1.2','10.0.0.33','Worm','Medium',"08JAN2025:15:15"dt,'Blocked','TCP',135,'FirewallLog');

quit;

proc print;run;

Output:

Obs Threat_ID Source_IP Target_IP Threat_Type Severity Detected_Date Action_Taken Protocol Port Detection_Tool
1 T001 192.168.0.45 10.0.0.15 Malware High 2051355900 Quarantined TCP 443 SentinelAI
2 T002 172.16.5.24 10.0.0.25 Phishing Medium 2051428320 Blocked UDP 53 EmailScanner
3 T003 203.0.113.77 10.0.0.30 Ransomware Critical 2051545500 Isolated TCP 445 SentinelAI
4 T004 198.51.100.23 10.0.0.22 Malware High 2051526600 Quarantined TCP 80 FirewallLog
5 T005 192.0.2.44 10.0.0.18 Botnet Low 2051576400 Monitored TCP 23 ThreatIntelDB
6 T006 172.31.255.9 10.0.0.40 Phishing Medium 2051685000 Blocked UDP 25 EmailScanner
7 T007 203.0.113.1 10.0.0.14 DDoS Critical 2051722200 Throttled UDP 80 FirewallLog
8 T008 198.18.0.101 10.0.0.17 Spyware High 2051817000 Quarantined TCP 443 SentinelAI
9 T009 192.88.99.1 10.0.0.29 Trojan High 2051853900 Quarantined TCP 8080 SentinelAI
10 T010 10.10.10.10 10.0.0.35 Phishing Low 2051931300 Blocked UDP 110 EmailScanner
11 T011 192.168.1.2 10.0.0.33 Worm Medium 2051968500 Blocked TCP 135 FirewallLog


/*Macro to Filter Threats by Severity*/

%macro filter_by_severity(level);

    proc sql;

        title "Threat Logs with Severity = &level";

        select * from threat_logs where Severity = "&level";

    quit;

%mend;


%filter_by_severity(High);

Output:

                                                          Threat Logs with Severity = High

Threat_ID Source_IP Target_IP Threat_Type Severity Detected_Date Action_Taken Protocol Port Detection_Tool
T001 192.168.0.45 10.0.0.15 Malware High 2.0514E9 Quarantined TCP 443 SentinelAI
T004 198.51.100.23 10.0.0.22 Malware High 2.0515E9 Quarantined TCP 80 FirewallLog
T008 198.18.0.101 10.0.0.17 Spyware High 2.0518E9 Quarantined TCP 443 SentinelAI
T009 192.88.99.1 10.0.0.29 Trojan High 2.0519E9 Quarantined TCP 8080 SentinelAI

%filter_by_severity(Low);

Output:

                                                     Threat Logs with Severity = Low

Threat_ID Source_IP Target_IP Threat_Type Severity Detected_Date Action_Taken Protocol Port Detection_Tool
T005 192.0.2.44 10.0.0.18 Botnet Low 2.0516E9 Monitored TCP 23 ThreatIntelDB
T010 10.10.10.10 10.0.0.35 Phishing Low 2.0519E9 Blocked UDP 110 EmailScanner


/*Macro to Count Threat Types*/

%macro count_threats;

    proc sql;

        title "Threat Type Frequency";

        select Threat_Type, count(*) as Total_Threats

        from threat_logs

        group by Threat_Type

        order by Total_Threats desc;

    quit;

%mend;


%count_threats;

Output:

                                                             Threat Type Frequency

Threat_Type Total_Threats
Phishing 3
Malware 2
Spyware 1
Trojan 1
Ransomware 1
Botnet 1
DDoS 1
Worm 1


/*Macro for Daily Detection Summary*/

%macro daily_summary;

    proc sql;

        title "Daily Threat Summary";

        select datepart(Detected_Date) format=date9. as Detection_Date,

               count(*) as Daily_Threats

        from threat_logs

        group by datepart(Detected_Date)

        order by Detection_Date;

    quit;

%mend;


%daily_summary;

Output:

                                                                  Daily Threat Summary

Detection_Date Daily_Threats
01JAN2025 1
02JAN2025 1
03JAN2025 2
03JAN2025 2
04JAN2025 1
05JAN2025 2
05JAN2025 2
06JAN2025 1
07JAN2025 1
08JAN2025 2
08JAN2025 2


/*Complex SQL + Macro: High Severity Phishing Logs*/

%macro phishing_high;

    proc sql;

        title "High Severity Phishing Threats";

        select Threat_ID, Source_IP, Detected_Date, Action_Taken

        from threat_logs

        where Threat_Type = 'Phishing' and Severity = 'High';

    quit;

%mend;


%phishing_high;

Log:

NOTE: No rows were selected.

NOTE: PROCEDURE SQL used (Total process time):

      real time           0.04 seconds

      cpu time            0.01 seconds


/*Macro to Get Action Statistics*/

%macro action_stats;

    proc sql;

        title "Threat Action Summary";

        select Action_Taken, count(*) as Action_Count

        from threat_logs

        group by Action_Taken;

    quit;

%mend;


%action_stats;

Output:

                                                             Threat Action Summary

Action_Taken Action_Count
Blocked 4
Isolated 1
Monitored 1
Quarantined 4
Throttled 1


Find A Mistake and Comment It:

proc sql;

    create table threat_logs (

        Threat_ID char(5),

        Source_IP char(15),

        Target_IP char(15),

        Threat_Type char(20),

        Severity char(10),

        Detected_Date date9.,

        Action_Taken char(20),

        Protocol char(5),

        Port num,

        Detection_Tool char(20)

    );

quit;


PRACTICE AND COMMENT YOUR CODE: 

--->PLEASE FOLLOW OUR BLOG FOR MORE UPDATES.

PLEASE FOLLOW OUR TELEGRAM CHANNEL CLICK HERE

PLEASE FOLLOW OUR FACEBOOK PAGE  CLICK HERE

Comments

Post a Comment