Skip to content

ML-ProblemChild-20210602-1

Pre-release
Pre-release
Compare
Choose a tag to compare
@brokensound77 brokensound77 released this 02 Jun 21:21
· 1475 commits to main since this release
ML-ProblemChild-20210602-1
7040538
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

model name: problemchild_20210526_1.0
sha256: 4f4342b8559886f93702f571cdd320da7a176a28b2784a9d8c4497eeeca9b3bd
for details, reference: https://github.com/elastic/detection-rules/blob/main/docs/ML_DGA.md

Changelog

This is the first release package for ProblemChild. It consists of the following:

  • Feature extraction scripts:

    • ML_ProblemChild_features_script.json: Extract required features irrespective of agent being used
    • ML_ProblemChild_normalize_ppath_script.json: Extract a normalized path feature
    • ML_ProblemChild_ngram_extractor_script.json: Extract ngrams from certain features

  • Model:

    • ML_ProblemChild_model.json: Supervised model to classify incoming events as malicious vs benign

  • Blocklist script:

    • ML_ProblemChild_blocklist_script.json: Blocklist script to override model verdict

  • Inference pipeline:

    • ML_ProblemChild_inference_pipeline.json: Inference pipeline to make predictions on events using the ProblemChild model/blocklist

  • Ingest pipeline:

    • ML_ProblemChild_ingest_pipeline.json: Ingest pipeline to run ML_ProblemChild_inference_pipeline only on Windows process events
Assets 4
Loading