Machine Learning Model Example

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.8
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Use this example to create a phishing machine learning (ML) model in Cortex XSOAR.

In this example, we want to create a machine learning model for Phishing using a custom label field, customlabelfield. The customlabelfield holds the manual classification of the data as phishing, spam, or legit.

  1. From the New ML Model window, in the Incident type field, select Phishing.

  2. In the Incident field, select the field that contains the label you want the model to train on. Assume that the field that contains the type of the mail is called customlabelfield.

    In the Field Values column, the following data is returned:

    [Screenshot: ml-model.png]

  3. Drag and drop the data from the Field Values column into the relevant Verdict columns.

    [Screenshot: ml_field_map2.png]

  4. In the Argument mapping field, keep the arguments as the default. We want the machine learning model to train on Email body, HTML and Subject.

  5. Click Start Training.

    The model starts training and when successful returns the following information:

    [Screenshot: ml_results.png]

The returned data shows that the model found 3 categories, together with percentage scores that reflect the precision of the results.
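The per-category percentages described above, as an added illustration that is not part of the original guide and is not Cortex XSOAR code: it maps raw customlabelfield values to verdicts as in step 3 and computes the standard precision (correct predictions divided by all predictions of that verdict) for each one. The mapping table, the value normalisation, the sample data and the assumption that the scores follow this standard definition are all constructed for the example.

```python
from collections import Counter

# Constructed mapping of raw customlabelfield values to verdict columns (step 3).
# Values that are not mapped to any verdict are skipped, not scored.
VERDICT_MAP = {"phishing": "Phishing", "spam": "Spam", "legit": "Legit"}


def map_verdict(raw_value):
    """Normalise a raw field value; return its verdict or None if unmapped."""
    if raw_value is None:
        return None
    return VERDICT_MAP.get(raw_value.strip().lower())


def per_verdict_precision(samples):
    """samples: iterable of (raw_label, predicted_verdict) pairs.
    Returns ({verdict: precision or None}, count_of_skipped_samples)."""
    true_pos, predicted, skipped = Counter(), Counter(), 0
    for raw_label, predicted_verdict in samples:
        actual = map_verdict(raw_label)
        if actual is None:
            skipped += 1  # unlabelled or unmapped incident
            continue
        predicted[predicted_verdict] += 1
        if predicted_verdict == actual:
            true_pos[predicted_verdict] += 1
    scores = {}
    for verdict in sorted(set(VERDICT_MAP.values())):
        total = predicted[verdict]
        scores[verdict] = true_pos[verdict] / total if total else None
    return scores, skipped


# Constructed sample: (analyst label in customlabelfield, model prediction).
SAMPLES = [
    ("phishing", "Phishing"), ("Phishing ", "Phishing"), ("phishing", "Phishing"),
    ("spam", "Phishing"),    # spam flagged as phishing lowers Phishing precision
    ("spam", "Spam"), ("spam", "Spam"),
    ("legit", "Spam"),       # legitimate mail flagged as spam
    ("legit", "Legit"), ("legit", "Legit"),
    ("phishing", "Legit"),   # missed phishing lowers Legit precision
    ("", "Legit"), (None, "Spam"),  # no analyst label: skipped
]

if __name__ == "__main__":
    scores, skipped = per_verdict_precision(SAMPLES)
    for verdict, value in scores.items():
        print(f"{verdict}: {value:.0%}" if value is not None else f"{verdict}: n/a")
    print(f"skipped (unlabelled/unmapped): {skipped}")
```

A low score for the legit verdict deserves the most attention when reviewing a trained model, because each error behind it is a phishing or spam message that would have been classified as legitimate.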

You can now use the machine learning model in the Phishing - Generic v3 playbook, in the Machine Learning page or in the War Room. For examples of how to use it in the War Room, see Phishing Command Examples Using a Machine Learning Model.