Anomaly Detection in argus Data
Part 2: Locating outliers using an empirical method in python with scipy's mquantile()
Part 3: Qualifying data as anomalous
Part 3.a: Has this daddr+saddr been seen before?
This series will contain some ideas on how to perform anomaly detection in argus data.
I will rely heavily on quantile (percentile point function) to find outliers, but also consider weights.
The first post covers the details of the questions I will be interested in answering.
The second post discusses setting up the environment for python driven analysis.
The third post will cover answering a set of specific questions targeting a specific example.
The fourth post will cover generating derivative data into a DB.
The fifth post will discuss integrating with other systems, such as writing an OSSIM plugin, and considering snort.
The sixth post will likely cover rendering the script (or scripts) as a daemonizable process that watches the contents of an argus DB and alerts.