Clearcut

Clearcut is a tool that uses machine learning to help you focus on the log entries that really need manual review. This is a beta branch of Clearcut with iforest support. It requires the beta scikit-learn 0.18.0 to be installed.

Prereqs

You need a few libraries installed for this to work.

% sudo pip install scikit-learn
% pip install sklearn-extensions pandas httpagentparser tldextract treeinterpreter

Quick Start: random forest mode

% ./train_flows_rf.py <normal_training_data> -o <malicious_training_data>
% ./analyze_flows.py <bro_http_log>

Quick Start:iforest mode.

% ./train_flows_iforest.py <normal_training_data> -o <malicious_training_data> 
% ./analyze_flows.py <bro_http_log>

More Info

See our BSidesDC 2016 presentation, "Practical Cyborgism: Getting Started with Machine Learning for Incident Detection".

Name		Name	Last commit message	Last commit date
Latest commit History 29 Commits
data		data
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
analyze_flows.py		analyze_flows.py
clearcut_utils.py		clearcut_utils.py
featureizer.py		featureizer.py
flowenhancer.py		flowenhancer.py
train_flows_iforest.py		train_flows_iforest.py
train_flows_rf.py		train_flows_rf.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Clearcut

Prereqs

Quick Start: random forest mode

Quick Start:iforest mode.

More Info

About

Releases

Packages

Languages

License

anthelmintics/Clearcut

Folders and files

Latest commit

History

Repository files navigation

Clearcut

Prereqs

Quick Start: random forest mode

Quick Start:iforest mode.

More Info

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages