five

witfoo/precinct6-cybersecurity

收藏
Hugging Face2026-05-13 更新2026-03-29 收录
下载链接:
https://hf-mirror.com/datasets/witfoo/precinct6-cybersecurity
下载链接
链接失效反馈
官方服务:
资源简介:
WitFoo Precinct6网络安全数据集是一个大规模、标记化的网络安全数据集,源自生产环境安全运营中心(SOC)数据,由WitFoo Precinct 6.x处理生成。数据集包含210万条经过脱敏的安全事件(信号日志)和溯源图(13,119个事件图,含35,133个节点和634,190条边),这些数据来自多个组织的真实企业网络监控。每个事件都附有描述攻击链的自然语言威胁狩猎报告,并提供每个事件的GraphML文件,可直接在图分析工具中加载。数据集旨在支持溯源图入侵检测、AI驱动的网络防御模拟、安全警报分类、MITRE ATT&CK攻击生命周期分析和基于WitFoo 261条领先检测规则的检测规则评估等研究。数据覆盖158种安全产品,包括防火墙、终端保护、网络检测、身份与访问管理、云安全等类别,并经过4层PII脱敏处理。标注方法采用三分类:恶意(事件被确认为攻击模式的一部分)、可疑(事件匹配检测规则但未确认)和良性(事件未匹配规则或标记为误报)。

The WitFoo Precinct6 Cybersecurity Dataset is a large-scale, labeled cybersecurity dataset derived from production Security Operations Center (SOC) data processed by WitFoo Precinct version 6.x. It contains 2.1 million sanitized security events (signal logs) and provenance graphs (13,119 incident graphs with 35,133 nodes and 634,190 edges) from real enterprise network monitoring across multiple organizations. Each incident includes a natural-language threat-hunting report describing the attack chain and per-incident GraphML files for direct loading in graph analysis tools. The dataset is designed to support research in provenance graph-based intrusion detection, AI-driven cyber defense simulation, security alert classification, attack lifecycle analysis using MITRE ATT&CK framework mappings, and detection rule evaluation using WitFoos 261 lead detection rules. It covers 158 security products across categories such as firewalls, endpoint protection, network detection, identity and access, cloud security, and more, with data sanitized through a 4-layer PII removal pipeline. Labeling follows a three-tier methodology: malicious (events embedded in confirmed incidents), suspicious (events matching detection rules but unconfirmed), and benign (events not matching rules or marked as false positives).
提供机构:
witfoo
二维码
社区交流群
二维码
科研交流群
商业服务