Toolkit Usage Overview
The Cybersecurity Toolkit provides operators that are capable of analyzing network traffic and detecting suspicious behaviour.
In order to get started with using the Cybersecurity Toolkit, it is highly recommended that the sample applications be used as a baseline for building cybersecurity applications. In many cases, the data must be pre-processed (filtered and enriched) prior to be being analyzed, otherwise the analytics will not work correctly. The sample applications contain the necessary pre-processing operators that enable the analytics to work properly. The three introductory sample projects are:
- DomainProfiling - Detects suspicious behaviour based on profiles built using domains found in DNS response traffic.
- HostProfiling - Detects suspicious behaviour based on profiles built using hosts found in DNS response traffic.
- PredictiveBlocklisting - Predicts where a domain should be added to a blocklist.
Getting Started
For information on how to get started with the cybersecurity toolkit, see the following link: http://ibmstreams.github.io/streamsx.documentation/docs/4.2/cybersecurity/cybersecurity-getting-started/