Legionnaire is an AI-powered SIEM (Security Information and Event Management) platform designed for comprehensive, automated threat detection and response. It operates as a modular, GUI-less system running in the background, consisting of a client and a control server.
The model being used is the XGBClassification algorithm, a highly optimised gradient-boosting ensemble. It was trained and tested on real collected data and verified against the CIC-IDS-2017 dataset. Throughout the hackathon the model was retrained several times, trying both multiclass and binary classification of attacks. The final model is a logistic binary classifier trained with L1 and L2 regularisation, with class imbalance handled by weight scaling. It takes 79 columns of network-traffic features per record and predicts the label as either Benign (0) or Attack (1).
Captures network traffic and performs feature analysis using machine learning to identify suspicious network activity.
Monitors and analyses system logs on Windows, Linux, and Mac to detect anomalous or potentially harmful events.
Hashes all running executables on the device and compares them against external threat databases to detect malicious programs in real time.
Acts as a response system, capable of blocking network attacks via firewall rules, killing processes, and deleting files.
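A minimal version of the executable-hashing check described above, added here as an illustration and not code from the Legionnaire project. It assumes a Linux procfs layout (/proc/<pid>/exe) and a locally constructed set of known-bad SHA-256 digests standing in for an external threat database:

```python
import hashlib
import os
from typing import Dict, Iterator, Set, Tuple

CHUNK = 1 << 20  # hash 1 MiB at a time so large binaries are not read into memory

def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob (used for small inputs and tests)."""
    return hashlib.sha256(data).hexdigest()

def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def running_executables(proc_root: str = "/proc") -> Iterator[Tuple[int, str, str]]:
    """Yield (pid, /proc link, resolved target) for each visible process.
    Assumes the Linux procfs layout; returns nothing on other platforms."""
    if not os.path.isdir(proc_root):
        return
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        link = os.path.join(proc_root, entry, "exe")
        try:
            target = os.readlink(link)
        except OSError:
            continue  # kernel threads, exited processes, or insufficient privilege
        yield int(entry), link, target

def scan(known_bad: Set[str], proc_root: str = "/proc") -> Dict[int, str]:
    """Return {pid: sha256} for processes whose on-disk image hashes to a known-bad digest.
    Hashing goes through the /proc link, which still works if the binary was deleted."""
    hits: Dict[int, str] = {}
    cache: Dict[str, str] = {}  # many processes share one binary; hash it once
    for pid, link, target in running_executables(proc_root):
        deleted = target.endswith(" (deleted)")
        try:
            digest = cache[target] if (target in cache and not deleted) else sha256_file(link)
        except OSError:
            continue
        if not deleted:
            cache[target] = digest
        if digest in known_bad:
            hits[pid] = digest
    return hits

# Constructed sample blocklist: the digest of a made-up payload, not a real indicator.
SAMPLE_KNOWN_BAD = {sha256_bytes(b"constructed sample malicious image")}
```

On a real deployment the blocklist would be refreshed from the threat feed and a hit would be handed to the response module rather than just reported.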
Here's a short demo of the Web-Dashboard in action:
demo.mp4
Graphing and General Statistics:
Client Specific Logs and Actions: