MiddleMan is a software component designed by TNO to improve detection of DGA domains within the AAD based on the list of domains labelled as DGA by DGA Detective and provided via the Shadowserver API.
Available on …
AAD Cortex Responder02-05-2022
To enable the OIE to inform the AI based Attack Detection component to be informed of changes in infrastructure (i.e. new vulnerable host or new asset) the AAD Cortex Responder was developed. The information is used by REASENS.
REASENS Framework is a hierarchical REAsoning system that enables the collection of events from distributed and heterogeneous SENSors. REASENS provides among others alert correlation and system state inference (under attack, normal operation, erroneous operation). REASENS was developed by AIT.
REASENS is available on <add link>
AMiner (logdata Anomaly Miner) is part of the ÆCID system, a log-based anomaly detection system operating on logs collected from the network layer (e.g., firewalls, switches, routers) and application layer (e.g., Web servers, DNS, application servers etc.). AMiner was developed by AIT. For more information see ÆCID.
AMiner is available on https://github.com/ait-aecid/logdata-anomaly-miner
ABC Tool is a netflow-based anomaly detection, developed by TNO, for internal host communication profiling to detect a.o. lateral movement and data exfiltration.
Contact TNO for information on how to obtain ABC Tool: <add email address>
L-ADS is a netflow-based anomaly detection tool developed by Atos.
Contact Atos for information on how to obtain L-ADS: email@example.com