Detecting the sudden appearance of events with ee-outliers and Elasticsearch

Recently, for our open-sourced ee-outliers framework, we released a new outlier model capable of detecting the sudden appearance of one or multiple field values in Elasticsearch events. For example, this model could spot new TLDs that are suddenly being contacted (in DNS or SSL events), which can indicate communication with C2 domains. It could also detect an executable that suddenly […]
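The "sudden appearance" idea above, reduced to its simplest form as an added example (this is not ee-outliers' own code): learn the set of values a field took during a baseline period, then flag the first event after that period in which a value not seen before shows up. The events, hosts, domains and the field name `dns.question.name` are constructed for the example; the `value_fn` callback is an assumption of this illustration that lets a single field or a combination of fields (host plus TLD) be treated as the value whose appearance is tracked.

```python
from datetime import datetime, timedelta

# Constructed sample DNS events; not real telemetry and not ee-outliers output.
SAMPLE_EVENTS = [
    {"@timestamp": "2019-06-01T08:00:00", "host": "ws01", "dns.question.name": "www.example.com"},
    {"@timestamp": "2019-06-02T09:15:00", "host": "ws02", "dns.question.name": "updates.example.net"},
    {"@timestamp": "2019-06-03T10:30:00", "host": "ws01", "dns.question.name": "mail.example.org"},
    {"@timestamp": "2019-06-05T11:00:00", "host": "ws03", "dns.question.name": "cdn.example.com"},
    {"@timestamp": "2019-06-09T02:14:00", "host": "ws02", "dns.question.name": "a1b2c3.evil.xyz"},
    {"@timestamp": "2019-06-09T02:15:00", "host": "ws02", "dns.question.name": "d4e5f6.evil.xyz"},
    {"@timestamp": "2019-06-09T13:00:00", "host": "ws01", "dns.question.name": "www.example.com"},
    {"@timestamp": "2019-06-10T08:00:00", "host": "ws04", "dns.question.name": "support.example.top"},
]


def tld_of(domain):
    """Return the last label of a domain name, lower-cased, ignoring a trailing dot."""
    return domain.rstrip(".").rsplit(".", 1)[-1].lower()


def detect_sudden_appearance(events, value_fn, baseline=timedelta(days=7)):
    """Flag the first event, after the baseline period, carrying a value never seen before.

    value_fn maps an event to the value being tracked (a single field or a
    tuple of fields). The baseline period starts at the earliest event; every
    value observed inside it is treated as known and never flagged.
    """
    events = sorted(events, key=lambda e: e["@timestamp"])
    start = datetime.fromisoformat(events[0]["@timestamp"])
    baseline_end = start + baseline

    known = set()
    outliers = []
    for event in events:
        ts = datetime.fromisoformat(event["@timestamp"])
        value = value_fn(event)
        if ts < baseline_end:
            # Still learning: record what "normal" looks like, raise nothing.
            known.add(value)
            continue
        if value not in known:
            # New value after the baseline: flag it once, then treat it as known
            # so that repeated lookups of the same new TLD do not re-alert.
            known.add(value)
            outliers.append({"timestamp": event["@timestamp"],
                             "host": event["host"], "value": value})
    return outliers


if __name__ == "__main__":
    # Single field: which TLDs appear for the first time after the baseline week?
    for hit in detect_sudden_appearance(SAMPLE_EVENTS,
                                        lambda e: tld_of(e["dns.question.name"])):
        print("new TLD", hit)
    # Multiple fields: a TLD that is new for a particular host.
    for hit in detect_sudden_appearance(SAMPLE_EVENTS,
                                        lambda e: (e["host"], tld_of(e["dns.question.name"]))):
        print("new (host, TLD) pair", hit)
```

Two caveats a practitioner should keep in mind with this kind of model: a value that was already present during the baseline (a C2 TLD the environment was already talking to) is never flagged, so the baseline has to be chosen from a period believed clean; and because only the first occurrence is raised, the alert has to be routed and kept, since the same value will not fire again.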

Using Word2Vec to spot anomalies while Threat Hunting using ee-outliers

Introduction In this blog post, we want to introduce the reader to the concept of taking Machine Learning techniques originally designed to spot anomalies in written (English) sentences and instead applying them to support the Threat Analyst in spotting anomalies in security events. The basic idea behind this is that we try to identify sentences […]