Sneak Peek at the new MLSec Project Portal

Written by Alex Pinto

I am very happy to announce that our new streamlined portal is almost ready for prime-time! We are wrapping up the development and managing some transition details for our participants.

Security monitoring professionals have way too much to look at in their monitoring environments, lots of meaningless graphs and unnecessary data. This makes them lose productivity and not spend time on the investigation and response of potential breaches.

So the portal was redesigned to be closer to the principles of why we started doing this in the first place: better and more focused information will have a greater benefit to direct analysts to action.

We have a simple prioritized list of suspect actors and whatever they were doing that day that triggered the Machine Learning model that picked them up.

We keep the information to a minimum, so an analyst can decide at a quick glance if this should be investigated further. We provide some guidance as to whether we had seen these actors before in one of our threat intelligence feeds in the last few days.

If you want more information on the IP address or domain from the offending actor, all you have to do is click on it.

A lot of structural Internet information is then available, including ASN, BGP and a lot of DNS-related information. This also helps an analyst take a quick look at common indicators of malicious behavior that can be found with this information.

We also add information on which public Threat Intelligence feeds the IP address or domain could be found in. There are some private feeds that are being used but that we cannot reveal, as per our agreement, and as such these will not show up on the interface, although they are being used by the models.

I also would like to take the opportunity to apologize to the University of Michigan and the ZMap team for being featured as "suspect actors". To be fair, you guys ARE scanning the whole Internet! ;)

If only there was a way for me to mark this as a false positive on the interface... Stay tuned for more details on our Portal Launch!

