Dynamic Kill Chain State Machine
30 December 2023, by Jona Laudan
Photo: Edge2Edge Media
A Kill Chain State Machine (KCSM) is a concept for correlating sparse alerts in a noisy environment. This project addresses the limitations of KCSMs in dynamic cyber threat detection. The immutability of the underlying data structure creates bottlenecks that hinder real-time alerting and adaptive modification of the data. The proposed solution introduces two approaches: incremental changes and a query-based system. Emphasizing the latter, the project focuses on efficient database design using tools such as Tenzir, Elastic, and graph databases. By prioritizing dynamic data retrieval, the project aims to enhance the scalability and applicability of KCSMs.
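To make the two approaches concrete, here is an added example (not code from the project or its author) of a minimal per-host kill-chain state machine. It assumes the seven Lockheed Martin kill-chain stages as the stage order, a constructed alert schema with a confidence score, a constructed confidence threshold for ignoring noise, and an in-memory dictionary standing in for the alert store (Tenzir, Elastic or a graph database in the project). The incremental path mutates per-host state as each alert arrives; the query-based path keeps no per-host state and derives the stage from the stored alerts on demand. Retracting an alert shows the cost of the incremental approach: the host's history has to be replayed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed stage order for this example (Lockheed Martin's seven stages);
# the project's own stage model is not shown on the page.
STAGES = [
    "reconnaissance",
    "weaponization",
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_objectives",
]
STAGE_INDEX = {name: i for i, name in enumerate(STAGES)}

# Assumed thresholds: alerts below MIN_CONFIDENCE are stored as evidence but
# never advance a host; reaching ESCALATE_AT or later raises an incident.
MIN_CONFIDENCE = 0.5
ESCALATE_AT = STAGE_INDEX["command_and_control"]


@dataclass
class Alert:
    alert_id: str
    host: str
    stage: str
    confidence: float


@dataclass
class HostState:
    stage_index: int = -1                                # -1: nothing confirmed yet
    evidence: List[str] = field(default_factory=list)    # alert ids that advanced the host

    @property
    def stage(self) -> Optional[str]:
        return STAGES[self.stage_index] if self.stage_index >= 0 else None


class KillChainStateMachine:
    """Per-host kill-chain progress over a stream of alerts."""

    def __init__(self) -> None:
        self.alerts: Dict[str, Alert] = {}      # every alert seen (stands in for the database)
        self.hosts: Dict[str, HostState] = {}   # incrementally maintained per-host state

    # Incremental approach: each alert mutates the host's state in place.
    def ingest(self, alert: Alert) -> bool:
        """Store the alert and advance the host if warranted; True means escalate."""
        self.alerts[alert.alert_id] = alert
        state = self.hosts.setdefault(alert.host, HostState())
        idx = STAGE_INDEX[alert.stage]
        if alert.confidence >= MIN_CONFIDENCE and idx > state.stage_index:
            state.stage_index = idx
            state.evidence.append(alert.alert_id)
        return state.stage_index >= ESCALATE_AT

    def retract(self, alert_id: str) -> None:
        """Drop an alert (e.g. a confirmed false positive) and replay the host.
        The replay is the price the incremental design pays for adaptive changes."""
        alert = self.alerts.pop(alert_id)
        remaining = [a for a in self.alerts.values() if a.host == alert.host]
        self.hosts[alert.host] = HostState()
        for a in remaining:
            self.ingest(a)

    # Query-based approach: no per-host state; derive the stage at query time.
    def query_stage(self, host: str) -> Optional[str]:
        confirmed = [
            STAGE_INDEX[a.stage]
            for a in self.alerts.values()
            if a.host == host and a.confidence >= MIN_CONFIDENCE
        ]
        return STAGES[max(confirmed)] if confirmed else None


# Constructed sample alerts: a noisy low-confidence hit mixed into a real chain.
SAMPLE_ALERTS = [
    Alert("a1", "ws-17", "delivery", 0.9),               # mail gateway: suspicious attachment
    Alert("a2", "ws-17", "reconnaissance", 0.3),         # scanner noise, low confidence
    Alert("a3", "ws-17", "exploitation", 0.8),           # EDR: office process spawned shell
    Alert("a4", "ws-42", "delivery", 0.7),               # unrelated host, single alert
    Alert("a5", "ws-17", "command_and_control", 0.95),   # proxy: periodic beaconing
]


def run_demo():
    """Feed the sample alerts through the machine; return it and the escalating alert ids."""
    kcsm = KillChainStateMachine()
    escalated = [a.alert_id for a in SAMPLE_ALERTS if kcsm.ingest(a)]
    return kcsm, escalated


if __name__ == "__main__":
    kcsm, escalated = run_demo()
    for host, state in kcsm.hosts.items():
        print(host, state.stage, state.evidence, "query:", kcsm.query_stage(host))
    print("escalated on:", escalated)
```

Both paths agree on every host because the incremental rule (advance when a confident alert is further along) computes the same maximum the query computes; the difference is where the work happens. With a real alert store the `query_stage` body becomes a filtered aggregation against the database, which is the direction the project emphasizes.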
Participants: Jona Laudan