At present, attacks on computer networks continue to develop at a speed that outstrips the ability of information security specialists to create new attack signatures. This article illustrates an approach to preprocessing raw data and visualizing information security events in a live dataset. It is shown how preprocessing and primary knowledge extraction for further use of the processed dataset in machine learning models can be used in the design of machine learning models for intrusion detection systems. A distinctive feature of the work is that the most relevant set CICIDS17 was taken as the studied dataset. Although traditionally considered popular such kits as DARPA2000 and KDD-99, which are more than 20 years old. The article also describes the criteria and characteristics that the set has.