In our previous article, we explored using the GPT-4 Large Language Model (LLM) to condense Linux user sessions. In the context of the same experiment, we dedicated some time to examine sessions that shared similarities. These similar sessions can subsequently aid the analysts in identifying related suspicious activities.

Using LLMs and ESRE to find similar user sessions

Leveraging GPT for Session Categorization

Lessons learned

Prompt engineering

Few-shot tuning

Evaluating GPT Categories

Semantic search with ELSER

What's next

In this publication, we will talk about lessons learned and key takeaways from our experiments using GPT-4 to summarize user sessions.

Using LLMs to summarize user sessions

What is a session?

Data processing

Hallucinations

Parameter tuning

Evaluating GPT Summaries

In this blog, we walk users through identifying beaconing malware in their environment using our beaconing identification framework.

**Beaconing — A primer**

**Our approach**

**How do we do this using Elasticsearch?**

**Tuning parameters and filtering**

**Evaluation**

Identifying beaconing malware using Elastic

In this blog, we will briefly talk about how we fine-tuned a transformer model meant for a masked language modeling (MLM) task, to make it suitable for a classification task.

Preamble

NLP for command line classification

Fine-tuning a Hugging Face model

Importing custom models into Elastic

Using the Transformer model for inference — a series of experiments

Using multiple nodes and threads

Dynamic quantization

Knowledge Distillation

Dynamic quantization and knowledge distillation

Bringing it all together

Getting the Most Out of Transformers in Elastic

Author

Apoorva Joshi

Articles

Using LLMs and ESRE to find similar user sessions

Using LLMs to summarize user sessions

Identifying beaconing malware using Elastic

Getting the Most Out of Transformers in Elastic