Artificial intelligence

Overview

Artificial intelligence and machine learning have been part of our Security Operation Center for many years.

We'd like to share some of our experience and production use cases by delivering some features and algorithms within Vulture. The open-source version of Vulture is not yet as powerful as the one used by our SOC, but we plan to provide some algorithms for free, so they can be tested in your own environment with Vulture.

All rules and algorithms run within our "Darwin" framework.

The Darwin framework

For a technical presentation of Darwin, see https://github.com/VultureProject/darwin.

Darwin is fully integrated within rsyslog via a message module, "mmdarwin": everything that rsyslog is able to process (logs, events, netflow, pcap, …) can pass through the Darwin engine.

Darwin also has a TCP connector as well as a Python SDK, so you can add machine learning and artificial intelligence to your existing network product or solution!