Adding Isolation Forest Anomaly Scoring to FlowEnricher: practical, fast NetFlow Machine Learning
Teaching FlowEnricher to Spot Weirdos: Isolation Forest Joins the Party tl;dr: We added unsupervised anomaly detection to FlowEnricher using an Isolation Forest microservice. It scores per-IP behavior in real time and helps catch stealthy port scans and low-and-slow DoS bursts that signatures miss. Yeap, Machine Learning in netflows. Why Isolation Forest? Rule engines are great … Read more
