{
"feature_names": [
"raw_score",
"enriched_score",
"time_in_phase_minutes",
"queue_depth_at_ingestion",
"soar_playbook_triggered",
"sla_breached_flag",
"mttd_minutes",
"mttr_minutes",
"fatigue_score_at_alert",
"enrichment_lift",
"log_mttr",
"log_mttd",
"queue_pressure",
"enrichment_per_minute",
"is_high_confidence",
"alert_severity_critical_confirmed",
"alert_severity_duplicate_suppressed",
"alert_severity_false_positive",
"alert_severity_high_severity",
"alert_severity_informational",
"alert_severity_low_severity",
"alert_severity_medium_severity",
"alert_source_cspm_cloud_rule",
"alert_source_edr_behavioural_engine",
"alert_source_honeypot_trigger",
"alert_source_itdr_identity_anomaly",
"alert_source_nids_signature",
"alert_source_siem_correlation_rule",
"alert_source_threat_intel_ioc_match",
"alert_source_ueba_user_anomaly",
"mitre_tactic_collection",
"mitre_tactic_command_and_control",
"mitre_tactic_credential_access",
"mitre_tactic_defense_evasion",
"mitre_tactic_discovery",
"mitre_tactic_execution",
"mitre_tactic_exfiltration",
"mitre_tactic_impact",
"mitre_tactic_initial_access",
"mitre_tactic_lateral_movement",
"mitre_tactic_persistence",
"mitre_tactic_privilege_escalation",
"analyst_tier_L1_junior",
"analyst_tier_L2_senior",
"analyst_tier_L3_threat_hunter",
"siem_platform_chronicle_google",
"siem_platform_elastic_siem",
"siem_platform_exabeam_fusion",
"siem_platform_ibm_qradar",
"siem_platform_logrhythm_axon",
"siem_platform_microsoft_sentinel",
"siem_platform_splunk_enterprise",
"siem_platform_sumo_logic"
],
"numeric_features": [
"raw_score",
"enriched_score",
"time_in_phase_minutes",
"queue_depth_at_ingestion",
"soar_playbook_triggered",
"sla_breached_flag",
"mttd_minutes",
"mttr_minutes",
"fatigue_score_at_alert",
"enrichment_lift",
"log_mttr",
"log_mttd",
"queue_pressure",
"enrichment_per_minute",
"is_high_confidence"
],
"categorical_levels": {
"alert_severity": [
"critical_confirmed",
"duplicate_suppressed",
"false_positive",
"high_severity",
"informational",
"low_severity",
"medium_severity"
],
"alert_source": [
"cspm_cloud_rule",
"edr_behavioural_engine",
"honeypot_trigger",
"itdr_identity_anomaly",
"nids_signature",
"siem_correlation_rule",
"threat_intel_ioc_match",
"ueba_user_anomaly"
],
"mitre_tactic": [
"collection",
"command_and_control",
"credential_access",
"defense_evasion",
"discovery",
"execution",
"exfiltration",
"impact",
"initial_access",
"lateral_movement",
"persistence",
"privilege_escalation"
],
"analyst_tier": [
"L1_junior",
"L2_senior",
"L3_threat_hunter"
],
"siem_platform": [
"chronicle_google",
"elastic_siem",
"exabeam_fusion",
"ibm_qradar",
"logrhythm_axon",
"microsoft_sentinel",
"splunk_enterprise",
"sumo_logic"
]
},
"label_to_int": {
"auto_resolved_soar": 0,
"duplicate_merged": 1,
"false_positive_closed": 2,
"true_positive_remediated": 3,
"true_positive_escalated": 4
},
"int_to_label": {
"0": "auto_resolved_soar",
"1": "duplicate_merged",
"2": "false_positive_closed",
"3": "true_positive_remediated",
"4": "true_positive_escalated"
},
"oracle_excluded": [
"alert_lifecycle_phase",
"automation_resolved",
"escalation_flag"
],
"high_cardinality_excluded": [
"mitre_technique_id",
"detection_rule_id"
]
}