decision automation: teaching machines to hunt · threat hunting alert triage incident response...

Decision Automation: Teaching Machines to Hunt Kumar Saurabh 2019.05.02

Upload: others

Post on 17-Jul-2020

2 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Decision Automation:Teaching Machines to Hunt

Kumar Saurabh2019.05.02

( Security Events )

BILLIONS

Alerts

THOUSANDS

Eliminate False

Positives

HUNDREDS

Incidents

TENS

Ignored Notifications

Detection Rules

Threat Hunting Alert Triage Incident Response

Typical SOC

Decision Automation: Signal vs. noise

Factor Analysis

• A factor which will turn true

for alerts, false for non alerts.

• OK to have false positive

rate on every factor

• Reduce false positive rates

by applying multiple factors

Page 4: Decision Automation: Teaching Machines to Hunt · Threat Hunting Alert Triage Incident Response Typical SOC Decision Automation: Signal vs. noise. Factor Analysis • A factor which

Spot the red signal

1 out of 100

1 out of 10,000 1 out of 100,000,000

Page 5: Decision Automation: Teaching Machines to Hunt · Threat Hunting Alert Triage Incident Response Typical SOC Decision Automation: Signal vs. noise. Factor Analysis • A factor which

Factor 4:

1 out of 100

Factor 5:

1 out of 100

1 out of

100,000,000

Factor 2:

1 out of 100

Factor 3:

1 out of 100

Factor 1:

1 out of 100

Factor 6:

1 out of 100

Page 6: Decision Automation: Teaching Machines to Hunt · Threat Hunting Alert Triage Incident Response Typical SOC Decision Automation: Signal vs. noise. Factor Analysis • A factor which

0 7 0 2

Context & Event Types

Enriched Events

Multi-Dimensional Reductions

Scoring Rules

Threat Ranking

Decision Automation

Deep Logic Nets

0 7 0 2

Context & Event Types

Enriched Events

Multi-Dimensional

Reductions

Scoring Rules

Threat Ranking

Machine Learning

Human Feedback

Page 7: Decision Automation: Teaching Machines to Hunt · Threat Hunting Alert Triage Incident Response Typical SOC Decision Automation: Signal vs. noise. Factor Analysis • A factor which

Threat Hunting in GitHub Logs

Alert Triage

Phishing Triage

Page 10: Decision Automation: Teaching Machines to Hunt · Threat Hunting Alert Triage Incident Response Typical SOC Decision Automation: Signal vs. noise. Factor Analysis • A factor which

Thank you!

Włodzimierz Funika, Filip Szura Automation of decision making for monitoring systems

Automation of legal reasoning and decision based on ontologies

IBM Business Automation Studio and Application Designer · Business Automation Insights Business Automation Workflow Operational Decision Management Enterprise Content Management

ACCOUNTING AUTOMATION IN DECISION-MAKING: A CASE STUDY

DDoS Mitigation Strategies: The Automation Factor · DDoS Mitigation Strategies: The Automation Factor. ... implementing artificial intelligence ( AI)-based security technologies

Factor Influencing on Purchase Decision of Two Wheeler-Bilal Luhar

Key Factor/Limiting Factor analysis & Product Mix Decisionfuturecas.weebly.com/uploads/8/2/9/7/8297943/_____part-2.pdf · Key Factor/Limiting Factor analysis & Product Mix Decision

FACTOR ANALYSIS ON CONSUMER BEHAVIOR AND DECISION …repository.uinjkt.ac.id/dspace/bitstream/123456789/18711/1/RIO... · FACTOR ANALYSIS ON CONSUMER BEHAVIOR AND DECISION TO BUY

Supporting Runtime Decision Making in the Production Automation Domain Using Design ... · 2011-12-20 · Supporting Runtime Decision Making in the Production Automation Domain Using

BMC BladeLogic Decision Support for Server Automation User ... · The following BMC BladeLogic Decision Support for Server Automation documents are available at BMC online documentation

Your Automation Decision: Automation Matrix 2014

Modernizing Your Decision Automation Strategy

SPOUSAL DECISION MAKING: A FACTOR ANALYTIC APPROACH

7.2 Red Hat Process Automation Manager · Red Hat Process Automation Manager 7.2 Designing a decision service using uploaded decision tables 2. PREFACE As a business analyst or business

Wonderware System Platform Empowering Decision Makers … · 2020. 7. 14. · Wonderware System Platform Empowering Decision Makers Across the Value Chain. Frontline Automation Decision

FACTORY AUTOMATION HIGH POWER FACTOR CONVERTER … · · 2017-08-28FACTORY AUTOMATION HIGH POWER FACTOR CONVERTER ... change in our lives. By bringing greater comfort to daily life,

Amdocs Intelligent Decision Automation

decision matrix for functional evaluation of project management automation

7.0 Red Hat Process Automation Manager · Red Hat Process Automation Manager 7.0 Designing a decision service using guided decision tables Last Updated: 2019-07-19

The Deciding Factor: Big Data & Decision Making...5 The Deciding Factor: Big data and decision-making This is particularly true of machine-to-machine communication, where low-risk

Espacio Como Factor de Decision del Consumidor de Cine en Bogotá

บทที่ 9 ปัจจัยดอกเบี้ยและการตัดสินใจทางการเงิน (Interest Factor and Financial Decision

Explaining algorithms and automation: A guide for lawyers · Roles for automated decision-making Decision support vs full automation-Decision support: providing additional information,

Factor Influencing the Investment Decision Making of Investors

70645711 Factor Influencing the Investment Decision Making of Investors

Factor Influncing Decision Making in International Management

CASE-BASED REASONING SYSTEMS: FROM AUTOMATION TO DECISION-AIDING

Layout Automation Techniques to Optimize Time-to-Market Factor

EDDIE-Automation, a Decision Support Tool for …...Decision Support Systems (Elsevier Science) Accepted for publication, March 2003 Page 1 EDDIE-Automation, a Decision Support Tool

Decision Network Automation

The Repeat Appointment Factor: Exploring Decision Patterns

EDDIE-Automation, a Decision Support Tool for Financial ... · Decision Support Systems (Elsevier Science) Accepted for publication, March 2003 Page 1 EDDIE-Automation, a Decision

Towards Automation of Model Execution from a Decision Support

Fear Factor - Why AP Automation Isn't Scary FINAL