Map MITRE ATT&CK to n-dimensional embeddings and vice versa.
While there are many projects that look at writing SIGMA, Splunk, Snort IDS rules, YAML, Python, etc. and mapping them to MITRE ATT&CK: a) they could probably benefit from more visibility, and b) they do not then map those rules to the output of a deep learning-based anomaly detector.
The trick here is that presumably every deep learning-based anomaly detection will flag anomalies differently. How should we address this?
One approach might be to have examples from Skidway saved for use in testing and development.
We could then focus on educating individuals on how to build the shared vocabulary between the output of a deep learning-based anomaly detector and MITRE ATT&CK techniques.
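As an added illustration of the proposed mapping (not code from this project), the following Python script builds a fixed-size n-dimensional embedding for each ATT&CK technique from a short description, maps an anomaly detector's textual finding to the nearest techniques by cosine similarity, and maps a technique back to its embedding. It uses feature hashing so that n is a free parameter, which is the property the title asks for. The technique IDs are real ATT&CK identifiers; the descriptions are constructed paraphrases, and the anomaly findings and stop-word list are constructed for the example. A real detector would emit feature vectors rather than text, in which case only the `embed` step changes.

```python
import hashlib
import math
import re

# Constructed paraphrases of a few real ATT&CK technique IDs (not official text).
TECHNIQUES = {
    "T1059": "adversaries abuse command and script interpreters such as powershell bash or python to execute commands",
    "T1003": "adversaries dump credentials from the operating system lsass memory or sam database to obtain account login hashes",
    "T1021": "adversaries use valid accounts to log into remote services such as rdp ssh or smb to move laterally",
    "T1566": "adversaries send phishing emails with malicious attachments or links to gain initial access",
    "T1486": "adversaries encrypt data on target systems with ransomware to interrupt availability and demand payment",
}

# Constructed stop-word list; dropped so shared vocabulary is about content words.
STOPWORDS = {"a", "an", "and", "or", "the", "to", "of", "on", "with", "such",
             "as", "from", "into", "by", "for", "in"}

DEFAULT_DIM = 4096  # n: embedding size, chosen so hash collisions are rare


def tokenize(text):
    """Lowercase alphanumeric tokens with stop words removed."""
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOPWORDS]


def embed(text, n=DEFAULT_DIM):
    """Signed feature hashing: each token maps to one of n buckets with a +/-1 sign.

    The result is L2-normalised so cosine similarity is a plain dot product.
    """
    vec = [0.0] * n
    for tok in tokenize(text):
        h = hashlib.sha256(tok.encode()).digest()
        idx = int.from_bytes(h[:4], "big") % n
        sign = 1.0 if h[4] & 1 else -1.0
        vec[idx] += sign
    norm = math.sqrt(sum(v * v for v in vec))
    return [v / norm for v in vec] if norm else vec


def cosine(a, b):
    """Cosine similarity of two already-normalised vectors."""
    return sum(x * y for x, y in zip(a, b))


def technique_to_embedding(technique_id, n=DEFAULT_DIM):
    """MITRE -> embedding: the n-dimensional vector for one technique."""
    return embed(TECHNIQUES[technique_id], n)


def embedding_to_techniques(vec):
    """Embedding -> MITRE: techniques ranked by similarity to an arbitrary vector."""
    n = len(vec)
    scored = [(tid, cosine(vec, technique_to_embedding(tid, n))) for tid in TECHNIQUES]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def anomaly_to_techniques(finding, n=DEFAULT_DIM):
    """Convenience: embed a detector's textual finding and rank techniques for it."""
    return embedding_to_techniques(embed(finding, n))


if __name__ == "__main__":
    # Constructed detector findings, not real alerts.
    for finding in [
        "winword spawned powershell with encoded command to execute a script",
        "lsass memory read by an unsigned process: credentials dump",
    ]:
        top = anomaly_to_techniques(finding)[:2]
        print(finding, "->", [(tid, round(score, 3)) for tid, score in top])
```

The ranking is only as good as the shared vocabulary: a finding that shares no content words with any technique description scores zero everywhere, which is the case the page's "shared vocab" education step exists to prevent. Replacing `embed` with a learned sentence embedding keeps the rest of the mapping unchanged.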
Proposed Workflow
Components