Hi all,
I work in a Security Operations Center for an organization, which is targeted by lots of Spam and Phishing mails.
Our users have the opportunity to report those Phishing mails to us, where we continue analysing them.
The issue is, that we get plenty of Spam mails reported too.
Now we would like to filter out only the Phishing ones.
Therefore, I have obtained a dataset and trained a model in Splunk.
Regarding the worklow, I am not sure on how to integrate Splunk in the chain.
In our current situation, the raw metadata of the extracted features cannot be streamed in realtime to Splunk but has to be uploaded manually one a week.
I am looking for a solution something like this:
1. Extract the features from newly reported mails
2. Call a ML algorithm with the previously obtained features as paramaters in Splunk via REST
3. Get the result of the classification in an instant
Can this be done within Splunk without having the data to be first forwarded and indexed?
Cheers,
Dan
... View more