ananyalahiri2003 / sigma_attack

Repo to work with Sigma Rules

training set stats #2

Open priamai opened 3 months ago

priamai commented 3 months ago

In the load parser function, please add a simple tag counter; this will give an indication of how unbalanced the dataset is. We expect to see some fat-tail distribution. Cheers

ananyalahiri2003 commented 3 months ago

For the sigma/rules/windows/driver_load/ subfolder I ran the code in src/parse_files.py and saved the tag distribution. The stats look as follows: { "attack.privilege_escalation": 9, "attack.t1543.003": 7, "attack.t1068": 4, "attack.collection": 1, "attack.defense_evasion": 1, "attack.t1599.001": 1, "attack.t1557.001": 1, "attack.persistence": 1, "cve.2021.21551": 1, "attack.t1543": 2 }

Please let me know if this is what you were after. Thanks

priamai commented 3 months ago

Yes, this is good; let's run stats for each folder and create a summary as Markdown.


priamai commented 3 months ago

We could start with all the windows and linux folders; it would be nice to also auto-produce some bar charts as images @ananyalahiri2003
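The three requests above (a tag counter in the parser, per-folder stats rendered as a Markdown summary, and a run over the windows and linux folders) fit in one small script. The following is an added example, not the repository's own src/parse_files.py; it assumes Sigma rules are single-document YAML files ending in .yml with a top-level `tags:` list, uses PyYAML when it is installed and a line-based fallback otherwise, and builds a constructed sample rule tree (not real Sigma rules) so it runs offline. It also reports the share of tags that occur exactly once, which is a quick check for the fat tail the first comment expects. Chart images are left out.

```python
"""Per-folder tag statistics for a Sigma rule tree, rendered as Markdown.

Added example (not the sigma_attack repo's own code). Assumes rules are
single-document YAML files ending in .yml with a top-level `tags:` list.
"""
import re
import tempfile
from collections import Counter
from pathlib import Path

try:
    import yaml  # PyYAML; optional, a line-based fallback is used without it
except ImportError:
    yaml = None


def extract_tags(text):
    """Return the tag list of one Sigma rule (empty list if it has none)."""
    if yaml is not None:
        doc = yaml.safe_load(text)
        if not isinstance(doc, dict):
            return []
        return [str(t) for t in (doc.get("tags") or [])]
    # Fallback without PyYAML: collect `- value` items under the `tags:` key.
    tags, in_block = [], False
    for line in text.splitlines():
        if re.match(r"^tags:\s*$", line):
            in_block = True
            continue
        if in_block:
            item = re.match(r"^\s+-\s*(\S+)", line)
            if item:
                tags.append(item.group(1))
            elif line.strip() and not line[0].isspace():
                break  # next top-level key ends the tags block
    return tags


def count_folder(folder):
    """Count tags across every .yml rule under `folder`; also count the rules."""
    tags, rules = Counter(), 0
    for path in sorted(Path(folder).rglob("*.yml")):
        rules += 1
        tags.update(extract_tags(path.read_text(encoding="utf-8")))
    return {"rules": rules, "tags": tags}


def singleton_share(tags):
    """Fraction of distinct tags seen exactly once: a quick fat-tail indicator."""
    if not tags:
        return 0.0
    return sum(1 for n in tags.values() if n == 1) / len(tags)


def summarise(root, folders):
    """Map each folder (relative to `root`) to its rule count and tag Counter."""
    return {f: count_folder(Path(root) / f) for f in folders}


def to_markdown(stats):
    """Render per-folder stats as Markdown, most frequent tags first."""
    lines = ["# Sigma tag distribution", ""]
    for folder, info in stats.items():
        tags = info["tags"]
        lines += [f"## {folder}", "",
                  f"Rules: {info['rules']}, distinct tags: {len(tags)}, "
                  f"singleton share: {singleton_share(tags):.2f}", "",
                  "| tag | count |", "|---|---|"]
        for tag, n in sorted(tags.items(), key=lambda kv: (-kv[1], kv[0])):
            lines.append(f"| {tag} | {n} |")
        lines.append("")
    return "\n".join(lines)


# Constructed sample rules (not real Sigma rules); rule_e has no tags at all,
# the edge case the counter must tolerate.
SAMPLE_RULES = {
    "windows/driver_load/rule_a.yml": ["attack.privilege_escalation", "attack.t1543.003"],
    "windows/driver_load/rule_b.yml": ["attack.privilege_escalation", "attack.t1068"],
    "windows/driver_load/rule_c.yml": ["attack.privilege_escalation", "cve.2021.21551"],
    "linux/process_creation/rule_d.yml": ["attack.execution", "attack.t1059.004"],
    "linux/process_creation/rule_e.yml": None,
}


def build_sample_tree(base):
    """Write the constructed rules under `base` in Sigma's YAML layout."""
    for rel, tags in SAMPLE_RULES.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        body = f"title: {path.stem}\nlogsource:\n    product: test\n"
        if tags is not None:
            body += "tags:\n" + "".join(f"    - {t}\n" for t in tags)
        path.write_text(body, encoding="utf-8")


def demo():
    """Build the sample tree in a temp dir and return (stats, markdown)."""
    base = tempfile.mkdtemp()
    build_sample_tree(base)
    stats = summarise(base, ["windows/driver_load", "linux/process_creation"])
    return stats, to_markdown(stats)


if __name__ == "__main__":
    print(demo()[1])
```

Pointing `summarise` at a real checkout (for example `summarise("sigma/rules", ["windows/driver_load", "linux/process_creation"])`) and writing the returned Markdown to a file gives the per-folder summary the thread asks for; the singleton share is the number to watch when judging how skewed each folder's labels are.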

priamai commented 3 months ago

We could just put the results so far on the wiki page: https://github.com/ananyalahiri2003/sigma_attack/wiki