Initial release: XGBoost and MLP models for SOC alert-triage outcome classification, with structural-leakage and unlearnable-target diagnostics
{
"feature_names": [
"raw_score",
"enriched_score",
"time_in_phase_minutes",
"queue_depth_at_ingestion",
"soar_playbook_triggered",
"sla_breached_flag",
"mttd_minutes",
"mttr_minutes",
"fatigue_score_at_alert",
"enrichment_lift",
"log_mttr",
"log_mttd",
"queue_pressure",
"enrichment_per_minute",
"is_high_confidence",
"alert_severity_critical_confirmed",
"alert_severity_duplicate_suppressed",
"alert_severity_false_positive",
"alert_severity_high_severity",
"alert_severity_informational",
"alert_severity_low_severity",
"alert_severity_medium_severity",
"alert_source_cspm_cloud_rule",
"alert_source_edr_behavioural_engine",
"alert_source_honeypot_trigger",
"alert_source_itdr_identity_anomaly",
"alert_source_nids_signature",
"alert_source_siem_correlation_rule",
"alert_source_threat_intel_ioc_match",
"alert_source_ueba_user_anomaly",
"mitre_tactic_collection",
"mitre_tactic_command_and_control",
"mitre_tactic_credential_access",
"mitre_tactic_defense_evasion",
"mitre_tactic_discovery",
"mitre_tactic_execution",
"mitre_tactic_exfiltration",
"mitre_tactic_impact",
"mitre_tactic_initial_access",
"mitre_tactic_lateral_movement",
"mitre_tactic_persistence",
"mitre_tactic_privilege_escalation",
"analyst_tier_L1_junior",
"analyst_tier_L2_senior",
"analyst_tier_L3_threat_hunter",
"siem_platform_chronicle_google",
"siem_platform_elastic_siem",
"siem_platform_exabeam_fusion",
"siem_platform_ibm_qradar",
"siem_platform_logrhythm_axon",
"siem_platform_microsoft_sentinel",
"siem_platform_splunk_enterprise",
"siem_platform_sumo_logic"
],
"numeric_features": [
"raw_score",
"enriched_score",
"time_in_phase_minutes",
"queue_depth_at_ingestion",
"soar_playbook_triggered",
"sla_breached_flag",
"mttd_minutes",
"mttr_minutes",
"fatigue_score_at_alert",
"enrichment_lift",
"log_mttr",
"log_mttd",
"queue_pressure",
"enrichment_per_minute",
"is_high_confidence"
],
"categorical_levels": {
"alert_severity": [
"critical_confirmed",
"duplicate_suppressed",
"false_positive",
"high_severity",
"informational",
"low_severity",
"medium_severity"
],
"alert_source": [
"cspm_cloud_rule",
"edr_behavioural_engine",
"honeypot_trigger",
"itdr_identity_anomaly",
"nids_signature",
"siem_correlation_rule",
"threat_intel_ioc_match",
"ueba_user_anomaly"
],
"mitre_tactic": [
"collection",
"command_and_control",
"credential_access",
"defense_evasion",
"discovery",
"execution",
"exfiltration",
"impact",
"initial_access",
"lateral_movement",
"persistence",
"privilege_escalation"
],
"analyst_tier": [
"L1_junior",
"L2_senior",
"L3_threat_hunter"
],
"siem_platform": [
"chronicle_google",
"elastic_siem",
"exabeam_fusion",
"ibm_qradar",
"logrhythm_axon",
"microsoft_sentinel",
"splunk_enterprise",
"sumo_logic"
]
},
"label_to_int": {
"auto_resolved_soar": 0,
"duplicate_merged": 1,
"false_positive_closed": 2,
"true_positive_remediated": 3,
"true_positive_escalated": 4
},
"int_to_label": {
"0": "auto_resolved_soar",
"1": "duplicate_merged",
"2": "false_positive_closed",
"3": "true_positive_remediated",
"4": "true_positive_escalated"
},
"oracle_excluded": [
"alert_lifecycle_phase",
"automation_resolved",
"escalation_flag"
],
"high_cardinality_excluded": [
"mitre_technique_id",
"detection_rule_id"
]
}