Hello, this is a free continuation of https://sourceforge.net/p/simple-evcorr/mailman/message/36867012/. That post was about possibilities of user-friendly configuration of event correlations outside of SEC (without knowing SEC syntax and low-level principles), and generation of SEC rules from those externalized configurations. But still a manual process.

The next step would be integrating AI (machine learning) with SEC somehow, so that the user won't need to configure correlations statically, but they would configure and self-optimize automatically. (There still could be some input needed from the user, but the system would also be able to react to changing log traffic, and self-evolve.) Something like ELK+AI is usable in the log monitoring area. Maybe some integration with MXNet? http://blogs.perl.org/users/sergey_kolychev/2017/02/machine-learning-in-perl.html

Does anybody have any experience in this area, to explain some more or less theoretical or practical setup of AI-generated SEC rules? (I am pretty sure that this is out of scope of SEC itself, and SEC wouldn't know that AI is dynamically generating its rules in the background, and probably nobody has a working solution, but maybe we could invent something together.)

Thanks for any ideas.

Richard
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users