- anomaly detection 2) rare event 3) dbscan 4) elastic search 5)kibana 6) API handling 7) calling Elastic Search for new DB 8) Send results to elastic Search
#note (Method to run code & Imp INstructions):
- change IP to original Elastic Search IP
- change the Siem Table name to its original table name
- If you are running the first time, then ok, because SQL DB and time log will be self-created
- if your database of elastic search has been deleted and time logs are calling previous logs, then an error came, you need to manually change the time log because its a rare event
- Run Siem file.py to get and throw back results to elastic search
- if Siem file.py is successfully running, then you can automate the script using app_run.py
- Goto Background Research Directory, Open ipynb file to view details