Hello Guys,
when we enable Machine Learning with Anomaly detection in layer1 and threat detection in layer2 what is actualy the scan Sequenz when we also have the Protection Profile with Standard Signatures applied to Server Policy?
Will the standard pattern be checken in 1st place and then machine learning? or will it beginn with machine Learning > anomalitie > Threat Detection > standard patters from protection profile?
Another question:
who is using Machine Learning in Production environment? is that realy i kind of Fire and Forget setup now?
Thank you
NSE 8
NSE 1 - 7
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I'm using ML in production enviroment with some early adopters of the technology. It seems to me that ML > Signatures, at least for the 7 Threat models currently supported, as far as I know there will be some more to come, even so the recomendation has been to use the ML and on the Web Protection with the parameters which are not currently worked by the ML for example DOS, GeoIP, etc and even disabling the signatures there.
So far even though the configuration for ML is very simple it has not been much of a "Fire and Forget" as you say because there has been some issues for example with the allowed methods it is not learning them correctly at least so far in version 6.0.2 also we have found othet issues, so I'm working on a couple of cases with technical support. Also as it needs to collect so many samples for each parameter/url most of them take too long to get to running state with the boxplots and the intended behavior, but is very promising probably in a few patches it will be like that.
Regards
Hi,
I'm using ML in production enviroment with some early adopters of the technology. It seems to me that ML > Signatures, at least for the 7 Threat models currently supported, as far as I know there will be some more to come, even so the recomendation has been to use the ML and on the Web Protection with the parameters which are not currently worked by the ML for example DOS, GeoIP, etc and even disabling the signatures there.
So far even though the configuration for ML is very simple it has not been much of a "Fire and Forget" as you say because there has been some issues for example with the allowed methods it is not learning them correctly at least so far in version 6.0.2 also we have found othet issues, so I'm working on a couple of cases with technical support. Also as it needs to collect so many samples for each parameter/url most of them take too long to get to running state with the boxplots and the intended behavior, but is very promising probably in a few patches it will be like that.
Regards
Hi joru,
thank you very much for sharing your experience.
but how is the procedure if static signatures and ML are both enabled? what will be scanned first?
and if you say some of the url/parameters dont even get to a running status you have to have the static signatures as backup right?
would be nice if you keep us here updated about the Cases.
Thank you
NSE 8
NSE 1 - 7
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1105 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.