Takekiyo_Nakash
Explorer

Analysis of logs utilizing artificial intelligence

Do you have a plan for a new function to automatically analyze logs using AI?
In addition to knowing the facts from the logs, we also want to obtain prediction information (e.g. H/W failure, incident) from AI.

9 Replies
G_W_Albrecht
Legend

This AI integration question is very interesting. Do you have real-world examples of how to obtain prediction information (e.g. H/W failure, incident) from AI? Predicting a HW failure using AI would be a mind-blowing alternative compared to MTBF.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
SamiH
Contributor

Just to clarify things. Machine learning is probably what you are thinking about, since it can predict things based on training data it has seen before. That includes outliers of current data sets i.e. anomalies. Machine learning can predict failure based on knowledge from previous failures of certain data set, which would require probably knowledge from hw batch part defects or symptoms caused by them. Machine learning is not AI by itself, it is just maths. Probabilities for a probability distribution it approximates from training data. 

G_W_Albrecht
Legend

That is just the point: where will the black box in question get the large amount of training data concerning HW failures from, how long will it take to learn from it, and what will it be able to predict anyway, and with which confidence level?

SamiH
Contributor

I would guess only from the HW manufacturer, but they are probably not going to share it. There is quite little sensor data visible to the user, and every alert they generate is in itself already a defect causing a replacement.

Charris_Lappas
Collaborator

In terms of HW it depends on the manufacturer, as this is already available from server manufacturers (at least the big ones).

AI and/or machine learning in a rapidly changing and dynamic environment is going to be tricky.

The best tool for now that you can set your eyes on is the Smart View Dashboard that you can fully customise and set the alerts and notifications that you want. 

Oren Koren from CP has already published some very interesting views. Check out his thread https://community.checkpoint.com/community/management/visibility-monitoring/blog/2018/04/04/threat-p...

Thanks,

Charris Lappas

SamiH
Contributor

Splunk or the R language would be interesting to use on top of these logs, but I haven't had time to do either.

Takekiyo_Nakash
Explorer

Although we would like to have machine failure detected by AI, we also want a function to be released that pre-detects the precursors of a cyber attack from logs with AI.
Is a release of a function to find signs of cyber attack from logs with AI not scheduled?

Charris_Lappas
Collaborator

We have the tool (Smart Event) to configure all sorts of event activities with alerts. AI is just a term for using machines to act on different events. As mentioned above, CP has already created some very interesting views that you can customise as per your needs.

https://community.checkpoint.com/community/management/visibility-monitoring/blog/2018/04/04/threat-p... 

Apart from the obvious (finding attack patterns), I can list two interesting findings:

1) Through the views for email activity we found a spike of requests from a specific IP. With further checks we found that this was a legitimate email server (not blacklisted or anything) but, according to our Sys Admins, it was sending 100% spam emails. Based on that we added this IP to our Black List. This IP was new and not listed on any anti-spam sites. This is just an example to show that once you dig you will find interesting stuff.

2) Another interesting finding is blocked activity from the Internal Network. This is mainly helpful to fine-tune your policy and pinpoint issues before they even begin. Ask questions like: why is this server trying (and being blocked) to communicate with this IP address on this port? You will be surprised!

For AI or machine learning I would like to see more feeds from CP on IP reputation and DNS reputation where more intelligence on events will be gathered. 
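
The two findings above (a spike of mail requests from one source, and blocked traffic originating inside the network), and the anomaly/outlier idea SamiH raised earlier in the thread, can be reproduced as plain log analysis without any AI product. The script below is an added example for this thread; it is not code from the original posts or from Check Point, and it does not read SmartEvent or SmartView output. It assumes a simplified key=value line layout (constructed sample lines, not a real Check Point export), that "internal" means the RFC 1918 ranges, and that a modified z-score above 3.5 (median/MAD based, so one spiking sender cannot inflate its own baseline) counts as a spike.

```python
"""Spike and blocked-internal-traffic checks over constructed firewall log lines."""
import ipaddress
import re
import statistics
from collections import Counter

# Constructed sample lines in a simplified key=value layout. Field names
# (src, dst, service, action) mirror common firewall log fields, but this is
# NOT a real Check Point log format. 192.0.2.25 plays the role of the mail server.
SAMPLE_LOGS = """\
time=08:00:01 action=Accept src=203.0.113.10 dst=192.0.2.25 service=25
time=08:00:02 action=Accept src=203.0.113.11 dst=192.0.2.25 service=25
time=08:00:03 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:03 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:04 action=Accept src=203.0.113.12 dst=192.0.2.25 service=25
time=08:00:04 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:05 action=Accept src=203.0.113.13 dst=192.0.2.25 service=25
time=08:00:05 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:06 action=Accept src=203.0.113.10 dst=192.0.2.25 service=25
time=08:00:06 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:07 action=Accept src=203.0.113.12 dst=192.0.2.25 service=25
time=08:00:07 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:08 action=Accept src=203.0.113.14 dst=192.0.2.25 service=25
time=08:00:08 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:09 action=Accept src=203.0.113.13 dst=192.0.2.25 service=25
time=08:00:09 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:10 action=Accept src=203.0.113.12 dst=192.0.2.25 service=25
time=08:00:10 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:11 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:11 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:12 action=Accept src=198.51.100.77 dst=192.0.2.25 service=25
time=08:00:13 action=Drop src=203.0.113.99 dst=192.0.2.25 service=23
time=08:00:14 action=Drop src=10.0.0.5 dst=198.51.100.9 service=3389
time=08:00:15 action=Drop src=10.0.0.5 dst=198.51.100.9 service=3389
time=08:00:16 action=Drop src=10.0.0.5 dst=198.51.100.9 service=3389
time=08:00:17 action=Reject src=10.0.0.5 dst=10.0.1.20 service=445
time=08:00:18 action=Accept src=10.0.0.7 dst=192.0.2.25 service=25
"""

# Assumption: "internal" means RFC 1918. Do not use ipaddress.is_private here,
# it also returns True for the documentation ranges used in the sample data.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_logs(text):
    """Parse key=value lines into dicts; blank lines are skipped."""
    return [dict(re.findall(r"(\w+)=(\S+)", line))
            for line in text.splitlines() if line.strip()]


def mail_source_counts(records, mail_port="25"):
    """Accepted connections per source IP to the mail service."""
    return Counter(r["src"] for r in records
                   if r.get("service") == mail_port and r.get("action") == "Accept")


def find_spikes(counts, threshold=3.5):
    """Sources whose count is an outlier against the other sources.

    Uses the modified z-score 0.6745 * (x - median) / MAD instead of mean/std,
    so a single heavy sender does not drag the baseline up and hide itself.
    Returns [(src, count, score)] with the strongest outlier first.
    """
    if len(counts) < 3:
        return []  # too few sources to define a baseline at all
    values = list(counts.values())
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1  # integer counts: MAD 0 -> 1
    scores = {src: 0.6745 * (n - med) / mad for src, n in counts.items()}
    spikes = [(src, counts[src], z) for src, z in scores.items() if z > threshold]
    return sorted(spikes, key=lambda s: s[2], reverse=True)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def blocked_internal(records):
    """(src, dst, port) -> count of dropped/rejected traffic from internal sources."""
    hits = Counter()
    for r in records:
        if r.get("action") in ("Drop", "Reject") and is_internal(r["src"]):
            hits[(r["src"], r["dst"], r["service"])] += 1
    return hits


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for src, n, score in find_spikes(mail_source_counts(recs)):
        print(f"mail spike: {src} with {n} connections (score {score:.1f})")
    for (src, dst, port), n in blocked_internal(recs).most_common():
        print(f"blocked internal: {src} -> {dst}:{port} x{n}")
```

On the constructed data the spike check singles out 198.51.100.77 and the blocked-internal check groups the three RDP attempts from 10.0.0.5 plus its one SMB reject, while the external Telnet drop is ignored. As the finding above shows, a flagged spike is a lead to investigate, not a verdict: that source turned out to be a legitimate mail server and still needed a human check before it was blacklisted.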

PhoneBoy
Admin

We gather quite a bit of intelligence as it is.

It's made available to all customers through ThreatCloud.

We also offer a few (paid) third party additions through Intellistore.

We also will have APIs in R80.20 to maintain the IoCs on a gateway if you have some other source you'd like to integrate.

Is there something in particular you're looking for?

