Initial release: attack_lifecycle_phase 5-class baseline + 11-oracle-path leakage diagnostic
{
"feature_names": [
"source_port",
"dest_port",
"cvss_score_analogue",
"label_log_tampered",
"label_false_positive",
"edr_agent_installed",
"patch_compliance_level",
"vulnerability_count_open",
"hour_of_day",
"is_off_hours",
"is_weekend",
"log_cvss",
"is_high_cvss",
"is_well_known_port",
"is_dynamic_port",
"is_outbound_web",
"risk_composite",
"event_class_application_api",
"event_class_application_waf",
"event_class_authentication",
"event_class_cloud_compute",
"event_class_cloud_iam",
"event_class_cloud_storage",
"event_class_dns_resolution",
"event_class_endpoint_filesystem",
"event_class_endpoint_process",
"event_class_endpoint_registry",
"event_class_network_flow",
"event_class_threat_intelligence_match",
"log_source_type_arcsight_esm",
"log_source_type_aws_security_hub",
"log_source_type_elastic_siem",
"log_source_type_google_chronicle",
"log_source_type_ibm_qradar",
"log_source_type_microsoft_sentinel",
"log_source_type_palo_alto_xsiam",
"log_source_type_splunk",
"severity_level_critical",
"severity_level_high",
"severity_level_informational",
"severity_level_low",
"severity_level_medium",
"os_type_cloud_managed",
"os_type_linux_debian",
"os_type_linux_rhel",
"os_type_linux_ubuntu",
"os_type_macos",
"os_type_windows_server",
"os_type_windows_workstation",
"host_role_cloud_compute_instance",
"host_role_database_server",
"host_role_domain_controller",
"host_role_file_server",
"host_role_ot_ics_controller",
"host_role_siem_collector",
"host_role_vpn_gateway",
"host_role_web_server",
"host_role_workstation_privileged",
"host_role_workstation_standard",
"network_segment_cloud_workload",
"network_segment_corporate_lan",
"network_segment_data_exfiltration_target",
"network_segment_dmz_perimeter",
"network_segment_endpoint_fleet",
"network_segment_ot_ics_control_network",
"network_segment_soc_management_plane",
"network_segment_zero_trust_segment",
"defender_posture_tier_hardened",
"defender_posture_tier_minimal",
"defender_posture_tier_standard",
"defender_posture_tier_zero_trust",
"criticality_rating_critical",
"criticality_rating_high",
"criticality_rating_low",
"criticality_rating_medium",
"cloud_provider_aws",
"cloud_provider_azure",
"cloud_provider_gcp",
"cloud_provider_on_premises",
"siem_platform_arcsight_esm",
"siem_platform_aws_security_hub",
"siem_platform_elastic_siem",
"siem_platform_google_chronicle",
"siem_platform_ibm_qradar",
"siem_platform_microsoft_sentinel",
"siem_platform_palo_alto_xsiam",
"siem_platform_splunk"
],
"numeric_features": [
"source_port",
"dest_port",
"cvss_score_analogue",
"label_log_tampered",
"label_false_positive",
"edr_agent_installed",
"patch_compliance_level",
"vulnerability_count_open",
"hour_of_day",
"is_off_hours",
"is_weekend",
"log_cvss",
"is_high_cvss",
"is_well_known_port",
"is_dynamic_port",
"is_outbound_web",
"risk_composite"
],
"categorical_levels": {
"event_class": [
"application_api",
"application_waf",
"authentication",
"cloud_compute",
"cloud_iam",
"cloud_storage",
"dns_resolution",
"endpoint_filesystem",
"endpoint_process",
"endpoint_registry",
"network_flow",
"threat_intelligence_match"
],
"log_source_type": [
"arcsight_esm",
"aws_security_hub",
"elastic_siem",
"google_chronicle",
"ibm_qradar",
"microsoft_sentinel",
"palo_alto_xsiam",
"splunk"
],
"severity_level": [
"critical",
"high",
"informational",
"low",
"medium"
],
"os_type": [
"cloud_managed",
"linux_debian",
"linux_rhel",
"linux_ubuntu",
"macos",
"windows_server",
"windows_workstation"
],
"host_role": [
"cloud_compute_instance",
"database_server",
"domain_controller",
"file_server",
"ot_ics_controller",
"siem_collector",
"vpn_gateway",
"web_server",
"workstation_privileged",
"workstation_standard"
],
"network_segment": [
"cloud_workload",
"corporate_lan",
"data_exfiltration_target",
"dmz_perimeter",
"endpoint_fleet",
"ot_ics_control_network",
"soc_management_plane",
"zero_trust_segment"
],
"defender_posture_tier": [
"hardened",
"minimal",
"standard",
"zero_trust"
],
"criticality_rating": [
"critical",
"high",
"low",
"medium"
],
"cloud_provider": [
"aws",
"azure",
"gcp",
"on_premises"
],
"siem_platform": [
"arcsight_esm",
"aws_security_hub",
"elastic_siem",
"google_chronicle",
"ibm_qradar",
"microsoft_sentinel",
"palo_alto_xsiam",
"splunk"
]
},
"label_to_int": {
"benign_background": 0,
"initial_access": 1,
"lateral_movement": 2,
"persistence_establishment": 3,
"exfiltration_or_impact": 4
},
"int_to_label": {
"0": "benign_background",
"1": "initial_access",
"2": "lateral_movement",
"3": "persistence_establishment",
"4": "exfiltration_or_impact"
},
"oracle_excluded": [
"mitre_tactic",
"mitre_technique_id",
"label_malicious",
"threat_actor_id",
"threat_actor_profile",
"event_type"
]
}