Posted to user@spot.apache.org by "Miller, Clifford" <cl...@phoenix-opsgroup.com> on 2017/06/02 15:36:47 UTC
Apache Spot Threat Intel DB??
Does Apache Spot pull in updates from some central DB that defines threat
signatures and/or other pertinent info? Or is it strictly using the built
in signatures with the addition of its own unsupervised and supervised
machine learning?
Thanks,
--Cliff.
Re: Apache Spot Threat Intel DB??
Posted by "Miller, Clifford" <cl...@phoenix-opsgroup.com>.
Thanks for the quick response. Mostly curious. I was thinking that it
would be useful to have a central repository where Spot users could
pull/share analytics and/or signatures from. Maybe different analytic
models or algorithms that users could choose to use. Maybe like a plugin
library type thing. The Apache Spot Open Data Model concept seems to be
focused toward allowing this type of sharing.
--Cliff.
On Fri, Jun 2, 2017 at 11:49 AM, solrac901@apache.org <so...@apache.org>
wrote:
> Hi Cliff, right now Spot doesn't have a signature capability; most of the
> detection is based on Machine Learning (LDA algorithm). We use reputation
> services and IP location to add context to our suspicious results.
> Quick question: is it a feature that you want to see on the tool? A
> pre-filter with static rules and after the fact analyze with ML, or
> vice versa?
> Regards.
>
> 2017-06-02 10:36 GMT-05:00 Miller, Clifford <clifford.miller@phoenix-opsgroup.com>:
>
>> Does Apache Spot pull in updates from some central DB that defines threat
>> signatures and/or other pertinent info? Or is it strictly using the built
>> in signatures with the addition of its own unsupervised and supervised
>> machine learning?
>>
>>
>> Thanks,
>>
>> --Cliff.
>>
>>
>>
>
--
Clifford Miller
Mobile | 321.431.9089
Re: Apache Spot Threat Intel DB??
Posted by "solrac901@apache.org" <so...@apache.org>.
Hi Cliff, right now Spot doesn't have a signature capability; most of the
detection is based on Machine Learning (LDA algorithm). We use reputation
services and IP location to add context to our suspicious results.
Quick question: is it a feature that you want to see on the tool? A pre-filter
with static rules and after the fact analyze with ML, or vice versa?
Regards.
2017-06-02 10:36 GMT-05:00 Miller, Clifford <clifford.miller@phoenix-opsgroup.com>:
> Does Apache Spot pull in updates from some central DB that defines threat
> signatures and/or other pertinent info? Or is it strictly using the built
> in signatures with the addition of its own unsupervised and supervised
> machine learning?
>
>
> Thanks,
>
> --Cliff.
>
>
>