Machine Learning Integration (Beta)

Beta release is now available now.

Why is machine learning important for Resilient?

Resilient platform manages and stores incidents. These incidents contain very useful information that customers shall make best use of. The useful information includes the followings:

• Pattern information of the system of a customer. For example, one particular server in the customer's network might be more vulnerable than the others to certain type of attacks.
• Valuable knowledge of security analysts who worked on previous incidents. For example, certain type of incidents related to a particular user more likely need more attention.

Machine learning is capable of extracting the above information from historical incidents. By doing so, it can help to improve the efficiency of handling incoming new incidents.

What can machine learning do for Resilient?

Properly trained by historical data, machine learning can predict severity of new incident, suggest proper assignee, estimate time to resolve, and even find similar incidents closed before. It can be a powerful tool for security analysts.

Architecture

The Resilient machine learning package is a circuits based integration. It contains two components. A command line tool is used to build machine learning models. A function component is used to make prediction using a built machine learning model.

For more information, please refer to the documents  (a user guide and a reference guide) included in the package.

------------------------------
Yongjian Feng
------------------------------