In IoT environments, large amounts of procedural data are generated from IoT devices, information systems, and other software applications. The use of this data can foster the development of innovative applications in process control [63, 75, 56, 54, 35, 52, 42, 68], process conformance checking [23, 81, 83, 28], and process enhancement [67, 59], among others. Particularly, the use of process mining techniques to analyze not only process data but also IoT-collected data could provide important insights into processes and interactions as shown in different applications in the manufacturing domain, such as [58, 75, 56, 59, 67]. In these applications, IoT actuators are used to realize and execute process activities, while IoT sensors and smart tags are used to closely monitor the execution environment and involved resources [79, 75, 26, 37, 54]. IoT technology can therefore capture the context in which certain process tasks are performed, allowing process mining techniques to better understand and analyze the processes [7, 76, 12]. As such, besides the procedural data generated from the process execution systems, the data captured by IoT should also be considered an integral part of the process execution in the form of IoT-enriched event logs [57, 53]. Both the procedural nature of sensor logs, and the tight integration of these with the process executions and the executing resources [24] makes sensor data an integral part of process-based application scenarios in IoT [76, 75, 7]. However, the integration of IoT data and process data to be used for process mining is still often done ex-post in a manual fashion during a separate pre-processing phase [95, 73, 53]. In these cases, the data from the IoT environment is still collected and stored separately, and only later it is explicitly connected to the notion of a process, which is non-trivial as pointed out in the challenge "Bridging the Gap Between Event-based and Process-based Systems" in the BPM-IoT manifesto [37].

39 seconds. That is the timelapse between two consecutive cyber attacks as of 2023. Meaning that by the time you are done reading this abstract, about 1 or 2 additional cyber attacks would have occurred somewhere in the world. In this context of highly increased frequency of cyber threats, Security Operation Centers (SOC) and Computer Emergency Response Teams (CERT) can be overwhelmed. In order to relieve the cybersecurity teams in their investigative effort and help them focus on more added-value tasks, machine learning approaches and methods started to emerge. This paper introduces a novel method, IsoEx, for detecting anomalous and potentially problematic command lines during the investigation of contaminated devices. IsoEx is built around a set of features that leverages the log structure of the command line, as well as its parent/child relationship, to achieve a greater accuracy than traditional methods. To detect anomalies, IsoEx resorts to an unsupervised anomaly detection technique that is both highly sensitive and lightweight. A key contribution of the paper is its emphasis on interpretability, achieved through the features themselves and the application of eXplainable Artificial Intelligence (XAI) techniques and visualizations. This is critical to ensure the adoption of the method by SOC and CERT teams, as the paper argues that the current literature on machine learning for log investigation has not adequately addressed the issue of explainability. This method was proven efficient in a real-life environment as it was built to support a company\'s SOC and CERT

Causal Models are like Dependency Graphs and Belief Nets in that they provide a structure and a set of assumptions from which a joint distribution can, in principle, be computed. Unlike Dependency Graphs, Causal Models are models of hierarchical and/or parallel processes, rather than models of distributions (partially) known to a model builder through some sort of gestalt. As such, Causal Models are more modular, easier to build, more intuitive, and easier to understand than Dependency Graph Models. Causal Models are formally defined and Dependency Graph Models are shown to be a special case of them. Algorithms supporting inference are presented. Parsimonious methods for eliciting dependent probabilities are presented.