Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
Tags
| attack-pattern: | Data Datasets Model Models Hardware - T1592.001 Python - T1059.006 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | cca18aa2-20d3-4938-a8a3-c24130f7c29e |
| Fingerprint | e8310b9ec434476a |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 14, 2021, 8 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes |
| Title | Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes |
| Detected Hints/Tags/Attributes | 47/1/34 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | riverml.xyz |
|
| Details | Domain | 2 | www.wikiwand.com |
|
| Details | Domain | 768 | www.youtube.com |
|
| Details | Domain | 1 | www.ericooi.com |
|
| Details | Domain | 1 | event.webinarjam.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 24 | blog.fox-it.com |
|
| Details | Domain | 2 | scikit-learn.org |
|
| Details | File | 15 | pd.dat |
|
| Details | File | 8 | ist.ps |
|
| Details | File | 1 | plot_mahalanobis_distances.html |
|
| Details | Github username | 33 | nccgroup |
|
| Details | Github username | 2 | zeek |
|
| Details | Github username | 8 | salesforce |
|
| Details | md5 | 1 | 8153FDB64C81A77FAE4F8B3F675589CD |
|
| Details | Url | 1 | https://github.com/nccgroup/ja3_outlier |
|
| Details | Url | 1 | https://riverml.xyz/dev/examples/concept-drift-detection |
|
| Details | Url | 1 | https://www.wikiwand.com/en/online_machine_learning |
|
| Details | Url | 1 | https://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=8153fdb64c81a77fae4f8b3f675589cd?doi=10.1.1.302.7503 |
|
| Details | Url | 1 | https://riverml.xyz/latest |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=p3m6dt7by9u |
|
| Details | Url | 1 | https://www.ericooi.com/zeekurity-zen-zeries |
|
| Details | Url | 1 | https://github.com/zeek/broker |
|
| Details | Url | 1 | https://event.webinarjam.com/replay/24/yvwmyaqlcl9i96iw2 |
|
| Details | Url | 1 | https://holdmybeersecurity.com/2020/06/08/poc-using-ksql-to-enrich-zeek-logs-with-osquery-and-sysmon-data |
|
| Details | Url | 3 | https://github.com/salesforce/ja3 |
|
| Details | Url | 1 | https://riverml.xyz/dev/api/proba/multinomial |
|
| Details | Url | 1 | https://riverml.xyz/dev/api/stats/quantile |
|
| Details | Url | 1 | https://riverml.xyz/dev/api/utils/histogram |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/strong_law_of_small_numbers |
|
| Details | Url | 1 | https://blog.fox-it.com/2020/01/15/hunting-for-beacons |
|
| Details | Url | 1 | https://scikit-learn.org/stable/auto_examples/covariance/plot_mahalanobis_distances.html |
|
| Details | Url | 3 | https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild |