The Cybersecurity and Information Systems Information Analysis Center (CSIAC) is seeking possible solutions to automatically label network events/sessions based on time and IP addresses of known attacks using Zeek logs. Documentation, potential points of contact (POCs), further insights, or any solutions would be greatly appreciated.
There is much documentation on prior cyber events, which is picked up by machine learning using the data to classify attacks/nonattack traffic. What are different ways this has been accomplished? The DoD inquirer is considering the use of Zeek logs to accomplish this and wants to identify if others have done anything similar.
If you have any information that fits this request, please provide contact information and relevant details on the DoDTechipedia forum or in an email to Ryan Fowler, the lead analyst, at email@example.com