Detection engineers consistently come up with excellent rules and heuristics to detect malicious and anomalous behaviors in their environment; password spraying is a perfect example. But since we can’t have nice things, there is always some software or behavior that violates the base assumption behind the detection. This doesn’t invalidate the rule, but it does require that exceptions be built into the rule. Doing this manually is tedious and time consuming. When a rule consistently produces false positives, it is natural and understandable to simply ignore it. But that comes at the cost of missing the cases where the rule detects something that really is malicious.
In this talk we will use password spraying as an example use case to showcase how detections can be matured through the use of Machine Learning.
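As an added illustration of the problem described above (this is example code written for this page, not material from the webinar or from Splunk), the block below implements a simple password-spraying rule, counting distinct users with failed logons from one source inside a time window, and then layers a data-driven exception on top of it: a source whose historical peak counts are consistently high (a NAT gateway or shared proxy, for instance) is only flagged when it exceeds its own baseline. The log format, the IP addresses, the user names and the history values are all constructed for the example, and the baseline uses a plain mean/standard-deviation check rather than the Splunk Machine Learning Toolkit.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not from the page). Format:
# "<ISO timestamp> src=<ip> user=<name> result=<success|failure>"
SAMPLE_LOG = """
2024-05-01T09:00:00 src=203.0.113.7 user=alice result=failure
2024-05-01T09:00:30 src=203.0.113.7 user=bob result=failure
2024-05-01T09:01:00 src=203.0.113.7 user=carol result=failure
2024-05-01T09:01:30 src=203.0.113.7 user=dave result=failure
2024-05-01T09:02:00 src=203.0.113.7 user=erin result=failure
2024-05-01T09:02:30 src=203.0.113.7 user=frank result=failure
2024-05-01T09:00:10 src=10.0.0.1 user=gina result=failure
2024-05-01T09:02:10 src=10.0.0.1 user=hal result=failure
2024-05-01T09:04:10 src=10.0.0.1 user=ivan result=failure
2024-05-01T09:06:10 src=10.0.0.1 user=judy result=failure
2024-05-01T09:08:10 src=10.0.0.1 user=kim result=failure
2024-05-01T09:03:00 src=192.168.1.20 user=leo result=failure
2024-05-01T09:03:20 src=192.168.1.20 user=leo result=success
"""

# Constructed history: per-source peak distinct-failed-user counts observed on
# previous days. 10.0.0.1 is assumed to be a NAT gateway that is always noisy.
HISTORY = {"10.0.0.1": [5, 6, 5, 7, 6]}

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(success|failure)$")


def parse(lines):
    """Parse log lines into (timestamp, src, user, result); skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events


def distinct_failed_users(events, window=timedelta(minutes=10)):
    """For each source, the largest number of distinct users with failed logons
    inside any sliding window. Many users, few attempts each, is the spray shape."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "failure":
            by_src[src].append((ts, user))
    peaks = {}
    for src, fails in by_src.items():
        fails.sort()
        best = 0
        for i, (t0, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - t0 <= window}
            best = max(best, len(users))
        peaks[src] = best
    return peaks


def spray_alerts(current_peaks, history, abs_threshold=5, sigma=3.0, min_history=3):
    """Naive rule: alert when a source hits abs_threshold distinct failed users.
    Data-driven exception: if the source has enough history, suppress unless the
    current peak is more than `sigma` standard deviations above its own mean."""
    alerts = {}
    for src, peak in current_peaks.items():
        if peak < abs_threshold:
            continue
        past = history.get(src, [])
        if len(past) >= min_history:
            mean = statistics.mean(past)
            sd = max(statistics.pstdev(past), 1.0)  # floor avoids zero-variance baselines
            if peak <= mean + sigma * sd:
                alerts[src] = ("suppressed", peak)
                continue
        alerts[src] = ("alert", peak)
    return alerts


if __name__ == "__main__":
    peaks = distinct_failed_users(parse(SAMPLE_LOG.splitlines()))
    for src, (verdict, peak) in spray_alerts(peaks, HISTORY).items():
        print(f"{src}: {verdict} ({peak} distinct users with failed logons)")
```

Running it flags 203.0.113.7 (six distinct users in under three minutes, no history) and suppresses 10.0.0.1, whose five failures are in line with its recorded baseline; the single failed logon from 192.168.1.20 never reaches the rule. The point is that the exception is learned from the source's own past rather than hand-written, so a gateway that suddenly starts failing against far more users than usual still fires the alert.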
Join our webinar, “Enhance your Security Detections with Machine Learning” and learn:
- How to take a data-driven approach to detection development
- How to mature a detection to detect increasingly sophisticated attackers
- How to use Splunk’s Machine Learning Toolkit to understand behaviors