The Signal analytics module in the Resolution Intelligence platform provides a set of machine learning clustering models that can be applied to selected signals for deeper analysis. These models group related signals so that users can uncover patterns, identify correlations, and better understand the signals generated by the detection systems. The available models are listed below:
Clustering by Signal Similarity
The Clustering by Signal Similarity model groups signals together based on their similarity in terms of attributes, patterns, or behavior. This helps identify clusters of related signals, enabling users to gain insights into common trends, potential threats, or related security events.
Clustering by MITRE Technique
The Clustering by MITRE Technique model uses the MITRE ATT&CK® framework to cluster signals by the ATT&CK technique each signal is mapped to, that is, the specific technique a threat actor is believed to have used.
By grouping signals according to these techniques, you can gain a deeper understanding of the overall signal landscape and better understand the tactics employed by adversaries.
Clustering by MITRE Tactic
Similar to the Clustering by MITRE Technique model, the Clustering by MITRE Tactic model clusters signals based on the broader tactics defined in the MITRE ATT&CK® framework.
This analysis provides valuable insights into the tactics employed by threat actors and enables you to align your defense strategies accordingly.
Clustering by Log Source
The Clustering by Log Source model groups signals based on the log sources from which they originated. This allows users to analyze signals generated by specific log sources and gain insights into the behavior, trends, or anomalies associated with each source.
It helps identify noisy log sources or specific areas requiring further investigation.
Clustering by Detection Rule
The Clustering by Detection Rule model groups signals by the detection rule that triggered them, so you can see which rules produce which groups of signals. This analysis enables you to assess the effectiveness of your detection rules, refine noisy or low-value rules as necessary, and improve your threat detection capabilities.
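The following is an added illustration of how the five groupings described above behave on a handful of signals; it is not code from the Resolution Intelligence platform and does not reflect its implementation. The signals, hosts, users and rule names are constructed for the example. Clustering by MITRE technique, MITRE tactic, log source and detection rule is exact-key grouping; clustering by signal similarity is shown here as Jaccard similarity over each signal's attribute set with a single-linkage threshold, which is one reasonable choice, not necessarily the model the product uses.

```python
"""Added example: grouping detection signals the way the clustering models on this
page describe. Not the product's code; the sample signals below are constructed."""
from collections import defaultdict
from itertools import combinations

# Constructed sample signals. Technique IDs and tactic names are real ATT&CK values;
# rules, hosts and users are made up for the example.
SIGNALS = [
    {"id": 1, "rule": "Suspicious PowerShell", "technique": "T1059.001", "tactic": "Execution",
     "source": "windows-sysmon", "host": "ws-01", "user": "alice", "process": "powershell.exe"},
    {"id": 2, "rule": "Suspicious PowerShell", "technique": "T1059.001", "tactic": "Execution",
     "source": "windows-sysmon", "host": "ws-02", "user": "bob", "process": "powershell.exe"},
    {"id": 3, "rule": "Encoded Command Line", "technique": "T1027", "tactic": "Defense Evasion",
     "source": "windows-sysmon", "host": "ws-01", "user": "alice", "process": "powershell.exe"},
    {"id": 4, "rule": "Brute Force Logins", "technique": "T1110", "tactic": "Credential Access",
     "source": "linux-auth", "host": "bastion", "user": "root", "process": "sshd"},
    {"id": 5, "rule": "Brute Force Logins", "technique": "T1110", "tactic": "Credential Access",
     "source": "linux-auth", "host": "bastion", "user": "admin", "process": "sshd"},
    {"id": 6, "rule": "Rare Service Install", "technique": "T1543.003", "tactic": "Persistence",
     "source": "windows-security", "host": "ws-02", "user": "bob", "process": "services.exe"},
]


def cluster_by_key(signals, key):
    """Exact-key grouping: used for technique, tactic, log source and detection rule."""
    groups = defaultdict(list)
    for s in signals:
        groups[s[key]].append(s["id"])
    return dict(groups)


# Attributes that take part in the similarity comparison.
SIMILARITY_FIELDS = ("technique", "tactic", "source", "host", "user", "process")


def attribute_set(signal):
    return {(f, signal[f]) for f in SIMILARITY_FIELDS}


def jaccard(a, b):
    """Jaccard similarity of two attribute sets (1.0 = identical, 0.0 = disjoint)."""
    return len(a & b) / len(a | b)


def cluster_by_similarity(signals, threshold=0.5):
    """Single-linkage clustering: any two signals whose attribute sets have Jaccard
    similarity >= threshold end up in the same cluster (via union-find)."""
    parent = {s["id"]: s["id"] for s in signals}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    attrs = {s["id"]: attribute_set(s) for s in signals}
    for a, b in combinations(signals, 2):
        if jaccard(attrs[a["id"]], attrs[b["id"]]) >= threshold:
            parent[find(a["id"])] = find(b["id"])
    clusters = defaultdict(list)
    for s in signals:
        clusters[find(s["id"])].append(s["id"])
    return sorted(sorted(c) for c in clusters.values())


def noisiest(groups):
    """The key (log source, rule, ...) that produced the most signals: a starting
    point for deciding which source or rule needs tuning."""
    return max(groups.items(), key=lambda kv: len(kv[1]))


if __name__ == "__main__":
    for key in ("technique", "tactic", "source", "rule"):
        print(f"by {key}:", cluster_by_key(SIGNALS, key))
    print("noisiest source:", noisiest(cluster_by_key(SIGNALS, "source")))
    print("by similarity:", cluster_by_similarity(SIGNALS))
```

With these signals the similarity model joins signals 1, 2 and 3 (same source and process, overlapping host and user) even though 3 maps to a different technique and tactic, which is exactly the kind of cross-rule relationship the key-based groupings cannot show; the key-based groupings in turn make the noisy source (windows-sysmon) and the rule firing most often immediately visible.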