SOC Analyst
f456c807db
feat(clustering): ASN + country risk features, fix risk scoring and cluster labels
- Add country_risk() feature (index 21): lookup table of 30 countries, CN/RU/KP=1.0, US/DE=0.1
- Add asn_cloud_score() feature (index 22): 50+ keyword match (cloud/CDN/VPN/crawler)
- N_FEATURES: 20 → 23 (SQL query extended with country + asn_org columns)
- Fix centroids_orig: denormalize K-means z-score centroids to [0,1] for display
- Update risk_score_from_centroid(): weights 0.30 ML + 0.12 fuzzing + 0.12 UA-CH
+ 0.12 country_risk + 0.10 asn_cloud (total=1.0)
- Update name_cluster(): new labels 'Source pays risqué' (risky source country), 'Bot cloud UA-CH' (cloud bot with UA-CH),
'Infrastructure cloud' (cloud infrastructure); thresholds lowered for better sensitivity
- Risk scores now discriminate: risky country 0.35, cloud bot 0.23-0.28, clean 0.06
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-19 10:15:21 +01:00
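The commit message above names four pieces of scoring logic: a per-country risk lookup, a keyword score over the ASN organisation name, denormalisation of z-scored K-means centroids back to [0,1] for display, and a weighted risk score whose weights must total 1.0. The block below is an added illustration of those pieces, not the project's code. The default risk for an unlisted country, the keyword list, the saturation rule for keyword hits, and the "other" weight standing in for the features the message does not list are all assumptions made for the example.

```python
"""Constructed example of the scoring pieces named in the commit message.
Not the project's code: lookup defaults, keyword list, saturation rule and
the "other" weight are assumptions made for illustration."""

# Only CN/RU/KP=1.0 and US/DE=0.1 are given in the commit; the 0.5 default for
# an unlisted or missing country code is an assumption.
COUNTRY_RISK = {"CN": 1.0, "RU": 1.0, "KP": 1.0, "US": 0.1, "DE": 0.1}
UNKNOWN_COUNTRY_RISK = 0.5


def country_risk(country_code):
    """Risk weight in [0,1] for an ISO 3166-1 alpha-2 code (case-insensitive)."""
    key = (country_code or "").strip().upper()
    return COUNTRY_RISK.get(key, UNKNOWN_COUNTRY_RISK)


# Illustrative keyword list (the real one has 50+ entries). Matching is a
# case-insensitive substring test against the ASN organisation name.
CLOUD_KEYWORDS = (
    "amazon", "aws", "google", "microsoft", "azure", "digitalocean", "hetzner",
    "ovh", "linode", "cloudflare", "akamai", "fastly", "cdn", "vpn", "proxy",
    "hosting", "datacenter", "data center", "crawler", "bot",
)
SATURATION_HITS = 2  # assumption: two keyword hits already count as fully "cloud"


def asn_cloud_score(asn_org):
    """Fraction in [0,1] of how cloud/CDN/VPN/crawler-like the ASN org looks."""
    org = (asn_org or "").lower()
    hits = sum(1 for kw in CLOUD_KEYWORDS if kw in org)
    return min(1.0, hits / SATURATION_HITS)


def denormalize_centroid(centroid_z, means, stds, mins, maxs):
    """Undo z-scoring (x = z*std + mean), then min-max scale to [0,1], clamped.

    K-means ran on z-scored features, so its raw centroids are not readable as
    feature values; this maps each coordinate back to the original range. A
    zero std (constant column) is treated as 1.0 to avoid dividing by zero.
    """
    out = []
    for z, mu, sd, lo, hi in zip(centroid_z, means, stds, mins, maxs):
        x = z * (sd if sd > 0 else 1.0) + mu
        span = hi - lo
        scaled = (x - lo) / span if span > 0 else 0.0
        out.append(min(1.0, max(0.0, scaled)))  # clamp: z-space can overshoot
    return out


# Weights named in the commit; "other" stands for the remaining features whose
# weights the message does not list (assumed value so the total is 1.0).
RISK_WEIGHTS = {"ml": 0.30, "fuzzing": 0.12, "uach": 0.12,
                "country_risk": 0.12, "asn_cloud": 0.10, "other": 0.24}


def weights_valid(weights, tol=1e-9):
    """True when all weights are non-negative and sum to 1.0 within tolerance."""
    values = list(weights.values())
    return all(w >= 0 for w in values) and abs(sum(values) - 1.0) <= tol


def risk_score_from_centroid(features, weights=RISK_WEIGHTS):
    """Weighted sum of [0,1] features.

    Refuses misconfigured weights and out-of-range features, so a weight edit
    that no longer totals 1.0 or a drifted feature cannot push the score
    outside [0,1] silently.
    """
    if not weights_valid(weights):
        raise ValueError("risk weights must be non-negative and sum to 1.0")
    missing = set(weights) - set(features)
    if missing:
        raise ValueError(f"missing features: {sorted(missing)}")
    for name in weights:
        if not 0.0 <= features[name] <= 1.0:
            raise ValueError(f"feature {name} out of [0,1]: {features[name]}")
    return sum(w * features[name] for name, w in weights.items())


if __name__ == "__main__":
    # Constructed centroid: high ML anomaly, some fuzzing, UA-CH missing,
    # risky country, ASN looks like a hosting provider.
    display = denormalize_centroid([1.0, -1.0, 3.0], [10, 0.5, 10],
                                   [4, 0.25, 4], [0, 0, 0], [20, 1, 20])
    print("denormalized centroid:", display)
    sample = {"ml": 0.8, "fuzzing": 0.5, "uach": 1.0,
              "country_risk": country_risk("RU"),
              "asn_cloud": asn_cloud_score("OVH SAS"), "other": 0.0}
    print("risk score:", round(risk_score_from_centroid(sample), 3))
```

Two checks worth keeping when adapting this: validate the weight total at call time rather than trusting a comment that says "total=1.0", since the next weight tweak is the moment it stops being true; and clamp denormalised centroid coordinates, because a centroid in z-space can legitimately sit beyond the observed min/max of the original column.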