Classifying Anomalies in HTTP Requests
Last updated
Was this helpful?
Last updated
Was this helpful?
Let's say you wish to route HTTP request logs to the appropriate location.
Normal logs are stored in S3.
Suspicious logs are classified and sent to the corresponding team for further analysis.
Anomaly Types:
1. SQL Injection Attack
2. Unauthorized Access Attempt
3. Server Configuration Error
4. Server Overload due to High Traffic
5. Unknown
Set up the corresponding Listener to the logs collected from HTTP servers, capturing details such as request methods, URLs, status codes, timestamps, and user-agent strings.
Using the Parser action, logs are pre-screened and parsed to identify unusual status codes that may indicate potential anomalies.
Using the Conditional action, logs are filtered based on unusual status codes or patterns in request URLs.
Use the MLreplicate action to filter logs meeting the criteria and send them to public Llama3 model via an API from replicate.com. The model processes the text within these logs to classify the type of anomaly.
Logs meeting the filtering criteria are sent to Llama2 via an API from replicate.com. The model processes the text within these logs to classify the type of anomaly.
Llama3 evaluates each log entry against known patterns and characteristics of the four main categories of anomalies. It assigns a category to each log and provides a rationale based on textual evidence found in the log details.
Use the Parser action to provide the model output and restructure the data to make it a coherent message.
Use the Conditional action to filter the model output message.
Now we want to redirect our data to Slack channels using the Message builder action and then the Slack data sink.
