SuriCon 2016 - Applying Data Science to Suricata
Splunk has brought big data to the security practitioner's desktop, but the security knowledge worker is not a data scientist by training. SOC engineers need machine learning tools that are easy to implement.
This presentation explores existing machine learning toolkits available in the Splunk platform and how they can be applied to:
- Data exfiltration detection
- Port/traffic analysis
- Advanced threat use cases
- Security analytics workflows
Key Topics
Machine Learning for Security Operations
Security operations centers need practical ML tools that don't require deep data science expertise. This talk demonstrates how Splunk's ML Toolkit makes advanced analytics accessible to security practitioners.
Suricata Integration
Combining Suricata's rich network telemetry with Splunk's machine learning capabilities creates powerful threat detection workflows. The presentation covers:
- Feature engineering from network data
- Behavioral analysis techniques
- Anomaly detection patterns
- Operationalizing ML models
Real-World Applications
The talk walks through practical examples on actual threat data, including early detection of botnet activity and of data exfiltration patterns using statistical analysis and clustering techniques.
Presented at SuriCon 2016