NextGen Software

Machine learning



KB_2018060511



CyberQuest™



  • CyberQuest’s implementation of machine learning algorithms is based on deep learning techniques. Using these algorithms, CyberQuest can detect anomalous events, which are presented to users as alerts.


  • CyberQuest automatically uses the built-in model for network traffic (presented as EventID 63805, 63809, 63900) to highlight traffic that falls outside the norm, based on the following fields:


  • SrcIP, DestIP, LocalTime, _network.bytes, _network.DestPort, username, _asset.name 


  • The machine learning service can be managed by using the console with the following commands:

systemctl start data-learning # start the service

systemctl stop data-learning # stop the service


  • For optimal results, the data-learning service has a warm-up period of 24 hours. After the first service start, the level of accuracy will increase over time.
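
A small helper tying together the service commands and the 24-hour warm-up described above (an added example, not vendor code): it reports whether data-learning is running and how much warm-up time remains, so alerts raised early can be weighed accordingly. It assumes warm-up is counted from the unit's most recent start, read from systemd's ActiveEnterTimestampMonotonic property; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: warm-up is counted from the
# most recent start of the data-learning unit as recorded by systemd.
WARMUP_SECS=$((24 * 60 * 60))   # 24-hour warm-up period stated in the KB

# warmup_remaining ELAPSED_SECS -> seconds of warm-up left (0 when complete)
warmup_remaining() {
    elapsed=$1
    # Negative elapsed time (clock oddities) is treated as "just started".
    if [ "$elapsed" -lt 0 ]; then elapsed=0; fi
    left=$(( $WARMUP_SECS - $elapsed ))
    if [ "$left" -lt 0 ]; then left=0; fi
    echo "$left"
}

# fmt_hm SECONDS -> "HHhMMm"
fmt_hm() {
    printf '%02dh%02dm\n' $(( $1 / 3600 )) $(( ($1 % 3600) / 60 ))
}

# warmup_state ELAPSED_SECS -> "warmed-up" or "warming-up (HHhMMm left)"
warmup_state() {
    remaining=$(warmup_remaining "$1")
    if [ "$remaining" -eq 0 ]; then
        echo "warmed-up"
    else
        echo "warming-up ($(fmt_hm "$remaining") left)"
    fi
}

# check_service: query the live unit and print its warm-up state.
check_service() {
    unit=data-learning
    if ! systemctl is-active --quiet "$unit"; then
        echo "$unit: not running"
        return 1
    fi
    # Microseconds since boot at which the unit last became active.
    usec=$(systemctl show "$unit" -p ActiveEnterTimestampMonotonic --value)
    read -r up _ < /proc/uptime          # seconds since boot, e.g. 12345.67
    echo "$unit: $(warmup_state $(( ${up%%.*} - usec / 1000000 )))"
}

# Run the live check only when asked: sh warmup.sh --check
if [ "${1:-}" = "--check" ]; then check_service; fi
```

Restarting the service resets the start time this script reads, so under the stated assumption a restart shows up here as a new warm-up window.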