Organizations have suffered real harm because a genuine alert went unnoticed among a flood of false positives. The challenge grows with Big Data, given the velocity, volume, and variety of the data streams that must be ingested or distributed in real or near-real time.
Can we confirm and prioritize the alarms reported in the violation logs so that security analysts can concentrate on the true alerts first?
Your customer is interested in creating a process to confirm and prioritize true alerts. She believes that if her security analysts had only to review a confirmed and prioritized list of alerts, they could scrutinize each one more thoroughly and take pertinent action in a timely manner. She indicates that her Data Leak Detection (DLD) tool is not intelligent enough to eliminate the large volume of false alarms.
High-level intent: to confirm the true nature of these alerts and then classify them into two categories, true alarms and false alarms, for review by the security analysts.
Eventually, we would like to create an automated interface that the analysts can use to feed newly gained information about true positives back to the learning model and to the DLD tool.
We can mine the data using Big Data analytics as well as other data mining tools.
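The following is an added illustration of the intent described above; it is not the customer's DLD tool, nor code from the original text. It scores alerts from a violation log with a naive Bayes classifier over categorical alert fields (Laplace-smoothed, trained online), ranks them so the likely-true alerts come first, and accepts analyst verdicts as feedback that updates the model. The field names, field values, historical records, and new alerts are all constructed for this example.

```python
"""
Added example (not the customer's tool or code from the original text): a small
alert-triage model for Data Leak Detection alerts with an analyst feedback loop.
Model: online naive Bayes over categorical alert fields, Laplace smoothing.
All field names, values and alert records below are constructed for illustration.
"""
import math
from collections import Counter, defaultdict

# Categorical fields a DLD alert is assumed to carry (assumption for this example).
FEATURES = ("policy", "channel", "dest_category", "classification", "user_dept")


class AlertTriageModel:
    """Online naive Bayes: P(true alert | fields), updated one verdict at a time."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing weight
        self.class_counts = Counter()           # label -> adjudicated alerts with that label
        self.value_counts = {True: defaultdict(Counter), False: defaultdict(Counter)}
        self.vocab = defaultdict(set)           # field -> values seen so far

    def record_verdict(self, alert, is_true_alert):
        """Feed an analyst verdict (or a historical label) back into the model."""
        self.class_counts[is_true_alert] += 1
        for field in FEATURES:
            self.value_counts[is_true_alert][field][alert[field]] += 1
            self.vocab[field].add(alert[field])

    def _log_joint(self, alert, label):
        n_label = self.class_counts[label]
        total = sum(self.class_counts.values())
        logp = math.log((n_label + self.alpha) / (total + 2 * self.alpha))
        for field in FEATURES:
            k = len(self.vocab[field]) + 1      # +1 reserves mass for never-seen values
            n_fv = self.value_counts[label][field][alert[field]]
            logp += math.log((n_fv + self.alpha) / (n_label + self.alpha * k))
        return logp

    def p_true(self, alert):
        """Posterior probability that the alert is a real leak, strictly in (0, 1)."""
        lt, lf = self._log_joint(alert, True), self._log_joint(alert, False)
        m = max(lt, lf)                         # subtract max to avoid underflow
        return math.exp(lt - m) / (math.exp(lt - m) + math.exp(lf - m))


def triage(model, alerts, threshold=0.5):
    """Score and label every alert; return (id, score, category) most suspicious first."""
    scored = []
    for alert in alerts:
        score = model.p_true(alert)
        category = "likely true alarm" if score >= threshold else "likely false alarm"
        scored.append((alert["id"], score, category))
    return sorted(scored, key=lambda t: t[1], reverse=True)


def _alert(aid, policy, channel, dest, cls, dept):
    return {"id": aid, "policy": policy, "channel": channel, "dest_category": dest,
            "classification": cls, "user_dept": dept}


# Constructed history: alerts analysts already adjudicated (True = confirmed leak).
HISTORY = [
    (_alert("h1", "PCI", "email", "personal_webmail", "confidential", "finance"), True),
    (_alert("h2", "PII", "usb", "removable_media", "restricted", "hr"), True),
    (_alert("h3", "PCI", "web_upload", "file_sharing", "confidential", "finance"), True),
    (_alert("h4", "PII", "email", "personal_webmail", "restricted", "sales"), True),
    (_alert("h5", "PCI", "email", "corporate_partner", "internal", "finance"), False),
    (_alert("h6", "PII", "web_upload", "saas_approved", "internal", "hr"), False),
    (_alert("h7", "PCI", "email", "corporate_partner", "internal", "sales"), False),
    (_alert("h8", "PII", "web_upload", "saas_approved", "public", "engineering"), False),
    (_alert("h9", "PCI", "email", "corporate_partner", "internal", "finance"), False),
    (_alert("h10", "PII", "email", "saas_approved", "public", "hr"), False),
]

# Constructed entries from today's violation log, not yet reviewed.
NEW_ALERTS = [
    _alert("a1", "PCI", "email", "personal_webmail", "confidential", "finance"),
    _alert("a2", "PCI", "email", "corporate_partner", "internal", "finance"),
    _alert("a3", "PII", "web_upload", "saas_approved", "internal", "hr"),
    _alert("a4", "PII", "cloud_sync", "unknown_cloud", "restricted", "engineering"),  # unseen channel and destination
]


def build_model(history=HISTORY):
    model = AlertTriageModel()
    for alert, label in history:
        model.record_verdict(alert, label)
    return model


def demo():
    """Rank the new alerts, then re-rank after an analyst confirms a4 as a real leak."""
    model = build_model()
    before = triage(model, NEW_ALERTS)
    a4 = next(a for a in NEW_ALERTS if a["id"] == "a4")
    model.record_verdict(a4, True)              # the feedback interface in miniature
    after = triage(model, NEW_ALERTS)
    return before, after


if __name__ == "__main__":
    for title, ranking in zip(("before feedback", "after feedback"), demo()):
        print(title)
        for aid, score, category in ranking:
            print(f"  {aid}: {score:.3f}  {category}")
```

Two points a practitioner should keep in mind when wiring such a model to a feedback interface. First, the model prioritizes; it does not confirm. The "likely true alarm" label is a prediction, and only the analyst's verdict should be written back as ground truth. Second, if analysts only ever review what the model ranks highly, the model is retrained only on its own top picks and its blind spots are reinforced; reserving a small random sample of low-ranked alerts for review keeps the feedback loop honest.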
This project is a continuation of two earlier projects: