Initial release: XGBoost + MLP for user-risk-tier classification, plus structural-leakage diagnostic on threat-actor detection
e6a6835 verified | { | |
| "feature_names": [ | |
| "total_login_attempts", | |
| "successful_logins", | |
| "failed_logins", | |
| "mfa_failures", | |
| "impossible_travel_events", | |
| "lateral_hop_count", | |
| "privilege_escalations", | |
| "account_lockout_count", | |
| "geo_dispersion_score", | |
| "login_velocity_score", | |
| "session_anomaly_rate", | |
| "ueba_alert_count", | |
| "overall_identity_risk_score", | |
| "insider_threat_indicator_score", | |
| "avg_session_duration_seconds", | |
| "avg_mfa_response_latency_ms", | |
| "avg_geo_anomaly_score", | |
| "max_geo_anomaly_score", | |
| "frac_impossible_travel", | |
| "n_unique_countries", | |
| "n_unique_devices", | |
| "n_unique_applications", | |
| "failed_login_rate", | |
| "mfa_failure_rate", | |
| "ueba_alerts_per_session", | |
| "hops_per_escalation", | |
| "geo_velocity_composite", | |
| "composite_anomaly_score", | |
| "peak_privilege_level_accessed_admin_domain", | |
| "peak_privilege_level_accessed_admin_local", | |
| "peak_privilege_level_accessed_global_admin", | |
| "peak_privilege_level_accessed_power_user", | |
| "peak_privilege_level_accessed_service_account", | |
| "peak_privilege_level_accessed_standard_user" | |
| ], | |
| "numeric_features": [ | |
| "total_login_attempts", | |
| "successful_logins", | |
| "failed_logins", | |
| "mfa_failures", | |
| "impossible_travel_events", | |
| "lateral_hop_count", | |
| "privilege_escalations", | |
| "account_lockout_count", | |
| "geo_dispersion_score", | |
| "login_velocity_score", | |
| "session_anomaly_rate", | |
| "ueba_alert_count", | |
| "overall_identity_risk_score", | |
| "insider_threat_indicator_score", | |
| "avg_session_duration_seconds", | |
| "avg_mfa_response_latency_ms", | |
| "avg_geo_anomaly_score", | |
| "max_geo_anomaly_score", | |
| "frac_impossible_travel", | |
| "n_unique_countries", | |
| "n_unique_devices", | |
| "n_unique_applications", | |
| "failed_login_rate", | |
| "mfa_failure_rate", | |
| "ueba_alerts_per_session", | |
| "hops_per_escalation", | |
| "geo_velocity_composite", | |
| "composite_anomaly_score" | |
| ], | |
| "categorical_levels": { | |
| "peak_privilege_level_accessed": [ | |
| "admin_domain", | |
| "admin_local", | |
| "global_admin", | |
| "power_user", | |
| "service_account", | |
| "standard_user" | |
| ] | |
| }, | |
| "label_to_int": { | |
| "low": 0, | |
| "medium": 1, | |
| "high": 2 | |
| }, | |
| "int_to_label": { | |
| "0": "low", | |
| "1": "medium", | |
| "2": "high" | |
| }, | |
| "user_leaky_excluded": [ | |
| "threat_actor_flag", | |
| "account_takeover_flag", | |
| "credential_attack_victim_flag" | |
| ] | |
| } |