Hunting for Detections in Attack Data with Machine Learning

As a (fairly) new member of Splunk's Threat Research team (STRT), I found a unique opportunity to train machine learning models in a more impactful way. I focus on the application of natural language processing and deep learning to build security analytics. I am surrounded by fellow data scientists, blue teamers, reverse engineers, and former SOC analysts with a shared passion and vision to push the state of the art in cyber defense. STRT has collected real-world and simulated attack data that allows me to not only use machine learning to discover attack activity but identify how to transform insights into detections for the benefit of our customers. A recent exercise using machine learning (ML) to hunt threats in Windows audit logs containing traces of post exploit kits illustrates that even small amounts of attack data can create new analytic opportunities.