1.0 ADBox training pipeline flow LARC-001
Training pipeline flow diagram
The diagram summarizes the flow of the training pipeline orchestrated by the ADBox Engine.

Parent links: SRS-038 Joint Host-Network Training
Child links: SWD-001 ADBox training pipeline
2.0 ADBox historical data prediction pipeline flow LARC-002
Prediction pipeline flow diagram for historical (offline) run mode
The diagram summarizes the flow of the predict pipeline for historical (offline) run mode orchestrated by the ADBox Engine.

Parent links: SRS-035 Offline Anomaly Detection
Child links: SWD-002 ADBox prediction pipeline, SWD-013 ADBox Prediction pipeline's inner body
3.0 ADBox preprocessing flow LARC-003
Preprocessing flow diagram of ADBox data transformer
The diagram summarizes the flow of the method Preprocessor.preprocessing by the ADBox Data Transformer.

Parent links: SRS-029 Host & Network Ingestion
Child links: SWD-010 ADBox data transformer, SWD-011 ADBox preprocessing
4.0 IDPS-ESCAPE end-point integrated arch. LARC-004
IDPS-ESCAPE end-point integrated architecture diagram
The diagram illustrates the architecture of the IDPS-ESCAPE end-point integrated model.

Parent links: SRS-033 Remote Endpoint Deployment
5.0 IDPS-ESCAPE end-point hybrid arch. LARC-005
IDPS-ESCAPE end-point hybrid model architecture diagram
The diagram illustrates the architecture of the IDPS-ESCAPE end-point hybrid model.

Parent links: SRS-033 Remote Endpoint Deployment
6.0 IDPS-ESCAPE end-point host-only IDS arch. LARC-006
IDPS-ESCAPE end-point host-only IDS model architecture diagram
The diagram illustrates the architecture of the IDPS-ESCAPE end-point HIDS-only model.

Parent links: SRS-033 Remote Endpoint Deployment
7.0 IDPS-ESCAPE end-point capture-only arch. LARC-007
IDPS-ESCAPE end-point capture-only model architecture diagram
The diagram illustrates the architecture of the IDPS-ESCAPE end-point capture-only model.

Parent links: SRS-033 Remote Endpoint Deployment
8.0 ADBox batch and real-time prediction flow LARC-008
Batch and real-time ADBox run modes prediction flow diagrams
The diagram summarizes the flow of the prediction pipeline for online run modes orchestrated by the ADBox Engine.
Specifically,
- batch mode runs the loop every batch interval,
- real-time mode runs the loop every granularity interval.

Parent links: SRS-027 ML-Based Anomaly Detection
Child links: SWD-002 ADBox prediction pipeline, SWD-013 ADBox Prediction pipeline's inner body
9.0 ADBox machine learning package LARC-009
ADBox machine learning package diagram
ADBox ML-packages folder containing the machine learning packages called by the AD pipelines.

Parent links: SRS-039 Algorithm Selection Option
Child links: SWD-003 MTAD-GAT training, SWD-004 MTAD-GAT prediction, SWD-005 Peak-over-threshold (POT), SWD-006 ADBox Predictor score computation, SWD-007 ADBox MTAD-GAT anomaly prediction, SWD-008 ADBox MTAD-GAT Predictor
10 ADBox data manager LARC-010
ADBox data manager diagram
The diagram below depicts the ADBox Data Manager.

Parent links: SRS-040 Data Management Subpackage
Child links: SWD-009 ADBox data managers
11 ADBox TimeManager LARC-011
ADBox TimeManager context diagram
The diagram below depicts the ADBox TimeManager.

Parent links: SRS-041 Time Management Package
Child links: SWD-012 ADBox TimeManager
12 ADBox ConfigManager LARC-012
ADBox ConfigManager context diagram
The diagram below depicts the ADBox ConfigManager.

Parent links: SRS-018 ML Hyperparameter Tuning, SRS-021 Default Use Case Update
Child links: SWD-014 ADBox config managers
13 ADBox RequestResponseHandler LARC-013
ADBox RequestResponseHandler context diagram
The diagram below depicts the ADBox RequestResponse Handler subpackage.

Parent links: SRS-042 Prediction Shipping Feature
14 ADBox Shipper LARC-014
ADBox Shipper context diagram
The diagram below depicts the ADBox Shipper subpackage.

Parent links: SRS-042 Prediction Shipping Feature
Child links: SWD-015 ADBox Shipper and Template Handler, SWD-016 ADBox shipping of prediction data, SWD-017 ADBox creation of a detector stream
15 RADAR scenario setup flow LARC-015
The diagram below depicts the RADAR scenario setup flow.

Parent links: HARC-004 RADAR architecture, HARC-005 RADAR Automated Test Framework architecture, SRS-050 Insider Threat Detection and Prevention: Data exfiltration, SRS-051 Suspicious login Detection and Prevention: Impossible travel and Failed-login bursts, SRS-052 DDoS Detection and Prevention: SYN-flood, SRS-053 Malware Communication Detection and Prevention: Beaconing
Child links: SWD-018 RATF: ingestion phase, SWD-019 RATF: setup phase
16 RADAR active response flow LARC-016
The diagram below depicts the RADAR active response flow.

Parent links: HARC-004 RADAR architecture, HARC-005 RADAR Automated Test Framework architecture, SRS-050 Insider Threat Detection and Prevention: Data exfiltration, SRS-051 Suspicious login Detection and Prevention: Impossible travel and Failed-login bursts, SRS-052 DDoS Detection and Prevention: SYN-flood, SRS-053 Malware Communication Detection and Prevention: Beaconing
Child links: SWD-019 RATF: setup phase, SWD-020 RATF: simulation phase, SWD-021 RATF: evaluation phase
17 RADAR integration with OpenSearch modules LARC-017
The diagram below depicts how RADAR integrates with Wazuh OpenSearch modules.

Parent links: HARC-004 RADAR architecture, HARC-005 RADAR Automated Test Framework architecture, SRS-050 Insider Threat Detection and Prevention: Data exfiltration, SRS-051 Suspicious login Detection and Prevention: Impossible travel and Failed-login bursts, SRS-052 DDoS Detection and Prevention: SYN-flood, SRS-053 Malware Communication Detection and Prevention: Beaconing, SRS-054 RADAR Automated Test Framework
18 RADAR logical flow LARC-018
The diagram below depicts the logical flow of RADAR.

Parent links: HARC-004 RADAR architecture, SRS-050 Insider Threat Detection and Prevention: Data exfiltration, SRS-051 Suspicious login Detection and Prevention: Impossible travel and Failed-login bursts, SRS-052 DDoS Detection and Prevention: SYN-flood, SRS-053 Malware Communication Detection and Prevention: Beaconing