
Title: Alert Triage v 0.1 beta

In the cyber security operations of a typical organization, data from multiple sources are monitored, and when certain conditions in the data are met, an alert is generated in an alert management system. Analysts inspect these alerts to decide if any deserve promotion to an event requiring further scrutiny. This triage process is manual, time-consuming, and detracts from the in-depth investigation of events. We have created a software system that uses supervised machine learning to automatically prioritize these alerts. In particular, we utilize active learning to make efficient use of the pool of unlabeled alerts, thereby improving the performance of our ranking models over passive learning. We have demonstrated the effectiveness of our system on a large, real-world dataset of cyber security alerts.
  1. Sandia National Laboratories
Publication Date:
OSTI Identifier:
Report Number(s):
Alert Triage; 004626MLTPL00
SCR #1637
DOE Contract Number:
Resource Type:
Software Revision:
Software Package Number:
Software CPU:
Open Source:
Source Code Available:
Related Software:
gensim, scikit-learn, python 2.7 or newer, stompy, pygeoip, pymongo, mongodb, numpy, scipy
Research Org:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Org:
Country of Publication:
United States
