The document discusses using machine learning to automate threat hunting by presenting a case study on detecting domain generating algorithms (DGAs) used by ransomware like WannaCry. It provides an example workflow for building a machine learning model to classify domain names as malicious or benign, and evaluates the trained model on unseen WannaCry command and control domains. Key recommendations are to plan threat hunting with clear goals and metrics, and that machine learning can help explore threat data and enable automated mitigation.
Machine learning is bringing data analysis into a new era, allowing companies to use predictive analytics that continually “learn” from historical data. These analytics can optimize IT, security and business operations—helping to detect incidents, reduce resolution times, and predict and prevent undesired outcomes.
The Splunk platform makes it easy for you to harness the power of machine learning by offering a rich set of machine learning commands and a guided workbench to create custom models for any use case.
Assistants: Assistants let you choose the algorithm and then guide you through model creation, testing and deployment for common objectives like forecasting values, predicting numeric or categorical fields, and detecting numeric or categorical outliers.
Showcases: Walk through interactive examples of model creation organized by common use cases for IT, security, IoT and business analytics. Examples include predicting disk failures, finding outliers in response time, predicting VPN usage and forecasting internet traffic.
SPL ML Commands: The Splunk platform offers over 20 machine learning commands that can be applied directly to your data for detection, alerting or analysis. Commands such as outlier, predict, cluster and correlate utilize fixed algorithms, while others such asanomalydetection allow you to choose between several algorithms to best fit your needs.
Want more flexibility? With the Machine Learning Toolkit, you get access to additional commands and open source algorithms to create custom models for any use case.
Python for Scientific Computing Library: Use machine learning SPL commands like fit, apply and allow to directly build, test and operationalize models using open source Python algorithms from the Splunk Python for Scientific Computing Add-on.