Anomaly Detection

I would love to see LEM have an anomaly detection engine. Currently the problem with most SIEM products or even monitoring products in general is that it requires you know what problems it is that you want to see in advance so that you can configure the system to detect them. Unfortunately it's very often the case that the thing you need to know about is an unknown. With an anomaly detection engine LEM would be able to use algorithms to detect changes in patterns, deviations from "normal", and rare/unique events. All of these detected things would be based off machine learning, pattern recognition and algorithms versus per-configured thresholds and correlations. This would add a much needed layer of visibility into otherwise often undetected events.

While I have no idea how well it works, the idea for this in LEM came when I ran across the Prelert product.

I would love to hear what others think about this!

Find more posts tagged with

prodfr

Status: None

Comments

antioch

This would be excellent, but it would have to have a decent engine backing it to analyze and determine what is and isn't a problem and something like that added to the already alarming complex lem software would, I imagine, be an extremely daunting task.

FormerMember

We are looking at taking the first step here and doing some statistical analysis, rather than just the element counts you see today. We might have more questions for people interested in this functionality as we start diving into that.

ian.brown

This would be a great feature as it has been mentioned you have this software to monitor strange events that occur yet if you do not know what the event is its quite difficult to make filters or rules to detect them. I'm sure its not simply somthing that can be thrown in a patch but if its released in a future update we'd be more than interested in seeing it work.