- #1
stoomart
This question is primarily directed to @bapowell, but I encourage others to please add any thoughts or suggestions.
Brian, I just saw your bio while reading the CMB primers, and thought you may have some ideas on cybersecurity data analytics.
Some background: I've been in cybersecurity since 2000, and have been using Splunk for anomaly detection and investigation for just over a year now. Instead of opting for Splunk's SIEM package, I've been developing our anomaly detection logic from scratch, which has evolved over time to include any combination of the following:
- volume (count)
- commonality (count distinct entities)
- frequency (relative time comparison)
- variance (entity or population z-score)
Am I missing any ways of looking at the data?
Variance detection was the last major evolution in my efforts, and now I am looking for the next one. I will say my research and testing in machine learning was a bit of a dud, since I could only ever achieve ~80% accuracy instead of high 90s like I was hoping for, but this may have been a limitation of my abilities.
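The four measures the post lists, computed over a constructed authentication log as an added Python example (not the poster's own Splunk searches); the users, IPs and hour buckets are hypothetical, and the entity z-score handles the flat-history case where the standard deviation is zero instead of dividing by it:

```python
from statistics import mean, pstdev

# Constructed sample auth events (hour_bucket, user, src_ip); hypothetical data.
EVENTS = (
    [(0, "alice", "10.0.0.5")] * 2 + [(1, "alice", "10.0.0.5")]
    + [(2, "alice", "10.0.0.5")] * 3 + [(3, "alice", "10.0.0.5"), (3, "alice", "10.0.0.6")]
    + [(0, "bob", "10.0.0.9")] + [(1, "bob", "10.0.0.9")] * 2 + [(2, "bob", "10.0.0.9")]
    + [(3, "bob", f"203.0.113.{n}") for n in range(1, 9)]  # one bucket from 8 new sources
    + [(h, "carol", "10.0.0.20") for h in range(4)]
)

def volume(events, user, hour):
    """Volume: raw event count for one entity in one time bucket."""
    return sum(1 for h, u, _ in events if u == user and h == hour)

def commonality(events, user, hour):
    """Commonality: number of distinct source IPs the entity used in the bucket."""
    return len({ip for h, u, ip in events if u == user and h == hour})

def frequency(events, user, hour):
    """Frequency: current bucket count relative to the previous bucket."""
    prev = volume(events, user, hour - 1)
    return volume(events, user, hour) / prev if prev else float("inf")

def entity_zscore(events, user, hour):
    """Variance (entity): z-score of the bucket against the entity's own history.
    A flat history has zero std dev: no change scores 0, any change scores inf."""
    hist = [volume(events, user, h) for h in range(hour)]
    if not hist:
        return 0.0
    cur, sd = volume(events, user, hour), pstdev(hist)
    if sd == 0:
        return 0.0 if cur == mean(hist) else float("inf")
    return (cur - mean(hist)) / sd

def population_zscore(events, user, hour):
    """Variance (population): z-score of the entity against every entity in the same bucket."""
    counts = {u: volume(events, u, hour) for u in {u for _, u, _ in events}}
    sd = pstdev(counts.values())
    return 0.0 if sd == 0 else (counts[user] - mean(counts.values())) / sd

def profile(events, user, hour):
    """All measures for one entity in one bucket, in the order the post lists them."""
    return {"volume": volume(events, user, hour),
            "commonality": commonality(events, user, hour),
            "frequency": frequency(events, user, hour),
            "entity_z": entity_zscore(events, user, hour),
            "population_z": population_zscore(events, user, hour)}

if __name__ == "__main__":
    for u in ("alice", "bob", "carol"):
        print(u, profile(EVENTS, u, 3))
```

With only three entities the population z-score is bounded by the small sample, so bob scores about 1.4 there while his own history puts him above 14; that gap is why the post distinguishes entity and population baselines.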