Seamless SIEM – Part 2: Anomaly Detection with Machine Learning and ksqlDB

What's this blog post about?

This text discusses building GenAI (Generative Artificial Intelligence) applications faster using the Confluent Platform. It explains how to consume streams of osquery logs, detect anomalous behavior using machine learning, and handle these anomalous events in ksqlDB and the Confluent Platform. The use case involves training an LDA model to learn from osquery logs and deploying it to score real-time logs for anomalous behavior. Subsequent ksqlDB statements are used to route scored events to topics GOOD, BAD, and UGLY. The text also mentions ways to expand the use case, such as publishing bad and ugly logs to a SIEM system or external datastores using Kafka Connect for additional investigation and real-time alerting.
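An added ksqlDB sketch of the routing step described above (not code from the Confluent post); the stream name, field names and score thresholds are assumptions, and a catch-all stream is included so unscored events are not dropped silently:

```sql
-- Assumed schema for the scored osquery stream (field names are illustrative).
CREATE STREAM osquery_scored (
  host_identifier VARCHAR,
  query_name      VARCHAR,
  action          VARCHAR,
  columns         VARCHAR,
  anomaly_score   DOUBLE
) WITH (KAFKA_TOPIC = 'osquery_scored', VALUE_FORMAT = 'JSON');

-- Route each scored event into one of three topics by score band.
-- The 0.5 / 0.9 cut-offs are assumed; tune them against labelled logs.
CREATE STREAM good WITH (KAFKA_TOPIC = 'GOOD') AS
  SELECT * FROM osquery_scored
  WHERE anomaly_score < 0.5
  EMIT CHANGES;

CREATE STREAM bad WITH (KAFKA_TOPIC = 'BAD') AS
  SELECT * FROM osquery_scored
  WHERE anomaly_score >= 0.5 AND anomaly_score < 0.9
  EMIT CHANGES;

CREATE STREAM ugly WITH (KAFKA_TOPIC = 'UGLY') AS
  SELECT * FROM osquery_scored
  WHERE anomaly_score >= 0.9
  EMIT CHANGES;

-- Events the scorer failed to score would match none of the filters above,
-- so park them separately instead of losing them.
CREATE STREAM unscored WITH (KAFKA_TOPIC = 'UNSCORED') AS
  SELECT * FROM osquery_scored
  WHERE anomaly_score IS NULL
  EMIT CHANGES;

-- Per-host count of UGLY events in 5-minute windows, a simple spike signal
-- that a SIEM or Connect sink can alert on.
CREATE TABLE ugly_per_host_5m AS
  SELECT host_identifier, COUNT(*) AS ugly_events
  FROM ugly WINDOW TUMBLING (SIZE 5 MINUTES)
  GROUP BY host_identifier
  EMIT CHANGES;
```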

Company
Confluent

Date published
Feb. 13, 2020

Author(s)
Hubert Dulay, Victoria Xia, Wade Waldron

Word count
1277

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.