ee-outliers
Open-source framework to detect outliers in Elasticsearch events
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.5 to 4.9.1. Changelog Sourced from lxml's changelog. 4.9.1 (2022-07-01) Bugs fixed A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note...
Bumps [numpy](https://github.com/numpy/numpy) from 1.21.0 to 1.22.0. Release notes Sourced from numpy's releases. v1.22.0 NumPy 1.22.0 Release Notes NumPy 1.22.0 is a big release featuring the work of 153 contributors spread...
Add parameter `min_aggregator_bucket` with default value around 1000. It would classify an event as outlier only if the aggregator bucket has a size bigger than the parameter `min_aggregator_bucket`. Why?...
If you observe the function process_outlier() in analyzer.py you can see that self.total_outliers is incremented even if the outlier is whitelisted. https://github.com/NVISO-BE/ee-outliers/blob/58021dc20f6cbbe411c0a6337ea39a82fc139a9d/app/helpers/analyzer.py#L220-L235 Also, I observed that the number of whitelisted...
Test how well entropy per character would work to not bias towards reporting of longer names
Hello, ee-outliers seems like a good project, do you plan to add a "notifier" like "TheHive" or others? SMTP is the only possibility for the moment.
Lots of the use cases don't need to re-analyze previously investigated or tagged events
File to refactor: https://github.com/NVISO-BE/ee-outliers/blob/master/app/entrypoint.sh